CVE-2025-13130
📋 TL;DR
A local privilege escalation vulnerability in Radarr 5.28.0.10274 allows attackers with local access to manipulate service permissions. This could enable unauthorized users to gain elevated privileges on Windows systems running the vulnerable version. Only systems with Radarr installed and accessible locally are affected.
💻 Affected Systems
- Radarr
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, malware installation, or persistence mechanisms.
Likely Case
Local user or malware with basic access escalates to administrative privileges, allowing modification of Radarr configuration, installation of additional software, or lateral movement.
If Mitigated
With proper access controls and limited local user accounts, impact is minimal as only authorized users could exploit the vulnerability.
🎯 Exploit Status
Exploitation requires local access but appears to be straightforward based on the CWE-266 (Incorrect Privilege Assignment) classification and CVSS score.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available - vendor did not respond to disclosure
Restart Required: Yes
Instructions:
1. Monitor Radarr GitHub releases for security updates.
2. When a patch is available, download the latest version.
3. Stop the Radarr service.
4. Install the updated version.
5. Restart the service.
🔧 Temporary Workarounds
Restrict Local Access
Windows: Limit local user accounts and apply the principle of least privilege to reduce the attack surface.
Service Hardening
Windows: Modify the Radarr service permissions so that only authorized users can control the service, for example:
sc.exe sdset Radarr D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
🧯 If You Can't Patch
- Implement strict access controls to limit who has local login privileges to Radarr servers
- Monitor for unusual service permission changes or privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Radarr version under Settings > General > About. If the version is 5.28.0.10274, the system is vulnerable.
Check Version:
Check the Radarr web interface at Settings > General > About, or examine the properties of C:\ProgramData\Radarr\bin\Radarr.Console.exe.
Verify Fix Applied:
After updating, verify that the version is newer than 5.28.0.10274 and that the service permissions are properly configured.
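To check the service permissions that the hardening workaround sets and that this verification step refers to, here is an added Python script (not Radarr's or the advisory's own code) that parses the DACL from `sc.exe sdshow Radarr` output and flags ACEs granting reconfiguration rights to anyone other than SYSTEM or Administrators; the WEAK descriptor inside it is a constructed sample, the HARDENED one is the advisory's.

```python
"""Audit a Windows service SDDL for ACEs that let non-admin principals reconfigure
the service (CWE-266 weak service permissions). Input: `sc.exe sdshow Radarr`."""
import re

# Service access rights in SDDL two-letter form (winsvc.h bit values).
RIGHTS = {"CC": 0x0001, "DC": 0x0002, "LC": 0x0004, "SW": 0x0008, "RP": 0x0010,
          "WP": 0x0020, "DT": 0x0040, "LO": 0x0080, "CR": 0x0100, "SD": 0x10000,
          "RC": 0x20000, "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000,
          "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000}
# Rights that let the holder change the service's binary path, DACL or owner.
DANGEROUS = {"DC", "WD", "WO", "GW", "GA"}
# Trustees expected to hold such rights: SYSTEM and BUILTIN\Administrators.
PRIVILEGED = {"SY", "BA", "S-1-5-18", "S-1-5-32-544"}
ACE_RE = re.compile(r"\(([^)]*)\)")

def parse_dacl(sddl):
    """Return (ace_type, rights, trustee) for every ACE in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in ACE_RE.findall(m.group(1)):
        fields = body.split(";")  # type;flags;rights;obj_guid;inh_guid;sid
        ace_type, raw, trustee = fields[0], fields[2], fields[5]
        if raw.startswith("0x"):  # numeric access-mask form
            rights = {k for k, v in RIGHTS.items() if int(raw, 16) & v}
        else:                     # concatenated two-letter tokens
            rights = {raw[i:i + 2] for i in range(0, len(raw), 2)}
        aces.append((ace_type, rights, trustee))
    return aces

def audit_service_sddl(sddl):
    """Return [(trustee, [dangerous rights])] for allow ACEs that grant
    reconfiguration rights to a trustee outside PRIVILEGED."""
    findings = []
    for ace_type, rights, trustee in parse_dacl(sddl):
        if ace_type == "A" and trustee not in PRIVILEGED and rights & DANGEROUS:
            findings.append((trustee, sorted(rights & DANGEROUS)))
    return findings

# The advisory's hardened descriptor: Administrators full control, SYSTEM
# start/stop/query rights, Interactive and Service users query/status only.
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
# Constructed weak descriptor: Authenticated Users hold SERVICE_CHANGE_CONFIG.
WEAK = "D:(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"

if __name__ == "__main__":
    for name, sddl in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_service_sddl(sddl) or "no dangerous ACEs")
```

Run it against the live descriptor with `python audit.py` after pasting the `sc.exe sdshow Radarr` output into a variable, or import `audit_service_sddl` from a scheduled check that alerts when the finding list is non-empty.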
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing service permission changes
- Unexpected service restarts or failures
- User privilege escalation events
Network Indicators:
- None - local-only vulnerability
SIEM Query:
Windows Event ID 4672 (Special privileges assigned) OR Event ID 4704 (Audit policy change) related to Radarr service