CVE-2025-53108

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-53108

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-53108.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-53108

Aliases

GHSA-m6vx-pg9q-vq6m

Published

2025-07-02T15:15:27Z

Modified

2025-07-04T04:58:57.087076Z

Summary

[none]

Details

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own. This issue could lead to unauthorized data manipulation or loss of critical inventory data. This issue has been patched in version 0.20.1. There are no workarounds, users must upgrade.

References

Affected packages

Git / github.com/sysadminsmedia/homebox

Affected ranges

Type: GIT
Repo: https://github.com/sysadminsmedia/homebox
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e159dd8a0b5d01d7225795bfba5634781181df20

Affected versions

v0.*

v0.1.0

v0.11.0

v0.11.1

v0.12.0

v0.12.1

v0.13.0

v0.14.0

v0.14.1

v0.14.2

v0.15.0

v0.15.1

v0.15.2

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.19.0

v0.2.0

v0.20.0

v0.3.0

v0.3.1

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2