Vulnerability Report: GO-2025-3734
- CVE-2025-48949, GHSA-5wgp-vjxm-3x2r
- Affects: github.com/navidrome/navidrome
- Published: Jun 03, 2025
Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
For detailed information about this vulnerability, visit https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r or https://nvd.nist.gov/vuln/detail/CVE-2025-48949.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r
- https://nvd.nist.gov/vuln/detail/CVE-2025-48949
- https://github.com/navidrome/navidrome/commit/b19d5f0d3e079639904cac95735228f445c798b6
- https://vuln.go.dev/ID/GO-2025-3734.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.