
Rommapp Romm vulnerabilities

5 known vulnerabilities affecting rommapp/romm.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in the wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2025-65027 | P3 | HIGH | CVSS 7.6 | PoC available | fixed in 4.4.1-beta.2 | 2025-12-03
CVE-2025-65027 [HIGH] CWE-79: RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the browser executes embedded JavaScript, leading to stored Cro
Source: NVD
CVE-2025-54071 | P2 | CRITICAL | CVSS 9.4 | fixed in 4.0.0-beta.4 | 2025-07-21
CVE-2025-54071 [CRITICAL] CWE-434: RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the system. The vulnerability permits arbitrary file writ
Source: NVD
CVE-2025-53908 | P3 | HIGH | CVSS 8.3 | fixed in 3.10.3, fixed in 4.0.0-beta.3 | 2025-07-16
CVE-2025-53908 [HIGH] CWE-26: RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM who has multiple users, even unprivileged users such as the kiosk user in the official implementation, may be affected. This allows the leakage
Source: NVD
CVE-2025-65097 | P3 | MEDIUM | CVSS 6.5 | fixed in 4.4.1-beta.2 | 2025-12-03
CVE-2025-65097 [MEDIUM] CWE-284: RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an authenticated user can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No ownership verification is performed before deleting c
Source: NVD
CVE-2025-65096 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.4.1-beta.2 | 2025-12-03
CVE-2025-65096 [MEDIUM] CWE-284: RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/priv
Source: NVD