CVE-2025-67493 in Homarrinfo

Summary

by MITRE • 12/17/2025

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input that allowed privilege escalation and gaining access to the groups of other users, due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using LDAP authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.


Analysis

by VulDB Data Team • 01/30/2026

The vulnerability identified as CVE-2025-67493 affects Homarr, an open-source dashboard that gives users a centralized interface for managing applications and services. It is a critical flaw in the LDAP authentication implementation that can enable unauthorized privilege escalation and cross-user data access. Versions prior to 1.45.3 are affected, so organizations should upgrade their deployments to close the issue. The flaw lies in insufficient sanitization of user input within LDAP search queries, which lets a malicious actor manipulate the authentication process and reach resources belonging to other users.

Technically, the vulnerability stems from inadequate input validation in the LDAP search functionality used by Homarr's authentication system. When a user authenticates through LDAP, the application builds a search filter from user-provided parameters without escaping the LDAP filter metacharacters in them. A specially crafted value can therefore change the structure of the filter rather than being treated as a literal attribute value. The vulnerability is classified under CWE-77 and CWE-89, improper neutralization of special elements used in a command or query, which permits injection attacks. An attacker could supply input that extends the LDAP search filter with additional criteria, potentially exposing groups and permissions belonging to other users in the directory.

The operational impact of CVE-2025-67493 goes beyond a simple authentication bypass: it gives anyone holding a legitimate user account a path to privilege escalation within Homarr deployments that use LDAP authentication. Once an attacker has access to any user account, they can use this vulnerability to escalate privileges and reach sensitive data or administrative functions belonging to other users. This undermines the basic assumptions of user isolation and access control for organizations that rely on LDAP for user management. The vulnerability aligns with ATT&CK technique T1078.004, which covers the use of valid accounts and legitimate credentials to access systems, combined with privilege escalation tactics that allow an attacker to move laterally within the authenticated environment.

Organizations using Homarr with LDAP authentication should upgrade to version 1.45.3 or later without delay, since that release adds proper sanitization and escaping of values placed in LDAP search filters. Security teams should also audit their LDAP configuration for other places where user input reaches a filter, focusing on validation of user input and on building filters from escaped values rather than raw string concatenation. Additional monitoring and logging of authentication activity helps detect exploitation attempts (for example, bind or search requests whose supplied identifiers contain filter metacharacters), and regular security assessments verify that input validation keeps working after changes. The vulnerability shows how important input sanitization is in authentication systems and what can happen when such controls are missing from user-facing interfaces that talk to backend directories.
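The mechanism described in the analysis (a filter built by concatenating raw user input) and the monitoring suggested in the remediation paragraph are illustrated below. This is an added example written for this page; it is not Homarr's code, and the filter shape `(&(objectClass=person)(uid=...))`, the function names and the sample inputs are all assumptions. It shows the naive concatenation next to RFC 4515 value escaping, a structural check that counts filter components so a changed filter shape can be detected, and an audit helper that flags submitted identifiers containing filter metacharacters.

```javascript
// Added example, not Homarr code. Demonstrates why unescaped values in an
// LDAP search filter are dangerous, how RFC 4515 escaping fixes it, and how
// a defender can detect inputs that would alter the filter structure.

// RFC 4515 escape sequences for the characters that have meaning in a filter.
const LDAP_FILTER_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\u0000': '\\00',
};

// Escape a value so it is always interpreted as a literal assertion value.
// (Non-ASCII characters would additionally be escaped as UTF-8 bytes in a
// full implementation; this example keeps to the ASCII metacharacters.)
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, (ch) => LDAP_FILTER_ESCAPES[ch]);
}

// Hypothetical filter shape assumed for the example: look up one person by uid.
// Vulnerable form: the raw value is concatenated into the filter.
function buildUserFilterUnsafe(uid) {
  return `(&(objectClass=person)(uid=${uid}))`;
}

// Hardened form: the value is escaped before it enters the filter.
function buildUserFilterSafe(uid) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(uid)}))`;
}

// Count "(attr=" style components in a filter string. For the assumed filter
// shape a legitimate lookup always yields exactly two; any other count means
// the supplied value changed the structure of the query.
function countFilterComponents(filter) {
  return (filter.match(/\([a-zA-Z][\w.-]*[~<>]?=/g) || []).length;
}

const EXPECTED_COMPONENTS = 2;

// Detection helper: given identifiers as they arrived at the login endpoint
// (e.g. taken from an authentication log), report the ones that contain
// filter metacharacters and would have altered an unescaped filter.
function auditLoginIdentifiers(identifiers) {
  return identifiers
    .filter((id) => /[\\*()\u0000]/.test(id))
    .map((id) => ({
      identifier: id,
      componentsIfUnescaped: countFilterComponents(buildUserFilterUnsafe(id)),
      structureChanged:
        countFilterComponents(buildUserFilterUnsafe(id)) !== EXPECTED_COMPONENTS,
    }));
}

// Constructed sample inputs (not taken from any real incident): a normal
// login name and one containing filter metacharacters.
const CONSTRUCTED_LOGIN_IDENTIFIERS = ['alice', 'bob.smith', 'alice*)(memberOf=*'];

if (typeof require !== 'undefined' && require.main === module) {
  for (const id of CONSTRUCTED_LOGIN_IDENTIFIERS) {
    console.log('unsafe:', buildUserFilterUnsafe(id));
    console.log('safe:  ', buildUserFilterSafe(id));
  }
  console.log(auditLoginIdentifiers(CONSTRUCTED_LOGIN_IDENTIFIERS));
}
```

With the hardened builder the metacharacters reach the directory as `\2a`, `\29` and `\28`, so the filter still has exactly two components and the directory compares the literal string against `uid`; the audit helper is the kind of check a team could run over recorded login identifiers to spot attempts against an unpatched instance.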

Responsible: GitHub M

Reservation: 12/08/2025

Disclosure: 12/17/2025

Moderation: accepted

CPE: ready

EPSS: 0.00071

KEV: no

Activities: very low
