Listen to this Post
How the CVE Works
CVE-2025-25205 exploits a flawed regex-based authentication bypass in Audiobookshelf (v2.17.0 to v2.19.0). The server fails to properly validate URLs when unauthenticated requests contain crafted query parameters (e.g., ?r=/api/items/1/cover). The unanchored regex mistakenly matches substrings in malicious URLs, allowing partial authentication bypass or triggering crashes when protected routes are accessed. This exposes sensitive data (e.g., audiobook metadata, covers) or causes denial-of-service if downstream code expects valid user sessions. The patch in v2.19.1 enforces strict URL anchoring.
DailyCVE Form
Platform: Audiobookshelf
Version: 2.17.0-2.19.0
Vulnerability: Auth Bypass
Severity: Critical
Date: 2025-02-12
Prediction: Patch by 2025-03-01
What Undercode Say
curl -X GET "http://vulnerable-server/?r=/api/items/1/cover" Crash trigger: curl -X POST "http://vulnerable-server/admin/reboot"
How Exploit
Craft URLs with `/api/` substrings in query params to bypass checks.
Protection from this CVE
Update to v2.19.1.
Impact
Data disclosure, DoS.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
