CVE-2025-13130

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
7.8 HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Radarr.md
https://vuldb.com/?ctiid.332361
https://vuldb.com/?id.332361
https://vuldb.com/?submit.683876