{"id":"GO-2025-3733","summary":"Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome","details":"Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome","aliases":["CVE-2025-48948","GHSA-f238-rggp-82m3"],"modified":"2026-03-03T04:56:40.005697Z","published":"2025-06-03T17:57:59Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3733"},"references":[{"type":"ADVISORY","url":"https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48948"},{"type":"FIX","url":"https://github.com/navidrome/navidrome/commit/e5438552c63fecb6284e1b179dddae91ede869c8"},{"type":"FIX","url":"https://github.com/navidrome/navidrome/pull/4096"}],"affected":[{"package":{"name":"github.com/navidrome/navidrome","ecosystem":"Go","purl":"pkg:golang/github.com/navidrome/navidrome"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.56.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3733.json"}}],"schema_version":"1.7.3"}