Auth bypass in Rommapp Romm
CVE-2025-65097
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an authenticated user can delete collections belonging to other users by direct…
EPSS: 0.000 (13.4th percentile)
Affected products
- Rommapp Romm — versions < 4.4.1-beta.2
Weakness classification (CWE)
References
- https://github.com/rommapp/romm/security/advisories/GHSA-v7c8-f6xc-rv9g (x_refsource_CONFIRM)