What is CVE-2025-13316?

CVE-2025-13316 is a vulnerability in Lynxtechnology Twonky Server, classified under Use of Hard-coded Cryptographic Key. Published 2025-11-19.

Is CVE-2025-13316 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Lynxtechnology Twonky Server

CVE-2025-13316

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the pla…

EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.

Affected products

Lynxtechnology Twonky Server — versions 8.5.2

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-a…

Frequently asked questions

What is CVE-2025-13316?: CVE-2025-13316 is a vulnerability in Lynxtechnology Twonky Server, classified under Use of Hard-coded Cryptographic Key. Published 2025-11-19.
Is CVE-2025-13316 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.