What is CVE-2025-13315?

CVE-2025-13315 is a vulnerability in Lynxtechnology Twonky Server, classified under Unprotected Alternate Channel. Published 2025-11-19.

Is CVE-2025-13315 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Lynxtechnology Twonky Server

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted passwor…

EPSS: 0.840 (99.3th percentile) — read the EPSS interpretation.

Affected products

Lynxtechnology Twonky Server — versions 8.5.2

Weakness classification (CWE)

CWE-420 — Unprotected Alternate Channel

Public proof-of-concept exploits

0xBlackash/CVE-2025-13315
rapid7/metasploit-framework

References

www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-a…

Frequently asked questions

What is CVE-2025-13315?: CVE-2025-13315 is a vulnerability in Lynxtechnology Twonky Server, classified under Unprotected Alternate Channel. Published 2025-11-19.
Is CVE-2025-13315 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.