CVE-2025-58763
📋 TL;DR
This command injection vulnerability in Tautulli allows attackers with administrative access to execute arbitrary commands on the server, potentially leading to full system compromise. It affects Tautulli installations that were manually cloned from GitHub rather than installed via package managers. The vulnerability is exploitable through the git update functionality.
💻 Affected Systems
- Tautulli
📦 What is this software?
Tautulli by Tautulli
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining root privileges, data exfiltration, installation of persistent backdoors, and lateral movement to other systems.
Likely Case
Attacker with administrative access executes commands to steal sensitive data, modify configurations, or install cryptocurrency miners.
If Mitigated
Limited impact due to proper access controls, network segmentation, and monitoring preventing successful exploitation.
🎯 Exploit Status
Exploitation requires administrative access to Tautulli web interface. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.16.0
Vendor Advisory: https://github.com/Tautulli/Tautulli/security/advisories/GHSA-jrm9-r57q-6cvf
Restart Required: Yes
Instructions:
1. Back up your Tautulli configuration and database.
2. Stop the Tautulli service.
3. Update to v2.16.0 via git pull or by downloading the new release.
4. Restart the Tautulli service.
5. Verify that the version is 2.16.0 or higher.
🔧 Temporary Workarounds
Disable Git Update Feature
Prevent exploitation by disabling git-based updates in the Tautulli configuration.
Edit Tautulli config.ini and set: check_github = 0
Restart Tautulli service
Network Segmentation
Restrict access to the Tautulli web interface to trusted networks only.
Configure firewall rules to limit access to Tautulli port (default 8181)
🧯 If You Can't Patch
- Implement strict access controls to Tautulli admin interface
- Monitor for suspicious git command execution and shell activity
🔍 How to Verify
Check if Vulnerable:
Check Tautulli version in web interface Settings > General, or run: python tautulli.py --version
Check Version:
python tautulli.py --version
Verify Fix Applied:
Confirm version is 2.16.0 or higher in web interface or via command line
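The checks above (running version at or above 2.16.0, or the check_github = 0 workaround in place) can be scripted. The following is an added example, not code from Tautulli or from the advisory: it takes the version text an operator already obtained (for instance from `python tautulli.py --version`) plus the contents of config.ini, and reports whether the install is patched, protected by the workaround, or neither. The key name check_github comes from the advisory; the assumption that it lives in a [General] section of config.ini is mine, as is the constructed sample config.

```python
"""Assess a Tautulli install against CVE-2025-58763 (added example).

Assumptions (not from the advisory):
- the version string is supplied by the operator as text;
- config.ini is INI-formatted with check_github under [General].
"""
import configparser
import re

# Fixed release named in the advisory.
FIXED_VERSION = (2, 16, 0)

# Constructed sample config.ini content (not a real install).
SAMPLE_CONFIG = """[General]
check_github = 0
http_port = 8181
"""


def parse_version(text):
    """Pull the first dotted numeric version out of free text,
    e.g. 'Tautulli v2.15.3' -> (2, 15, 3). Returns None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_patched(version_text):
    """True when the parsed version is 2.16.0 or higher."""
    v = parse_version(version_text)
    return v is not None and v >= FIXED_VERSION


def git_updates_disabled(config_text):
    """True when check_github is 0 in [General]; a missing section,
    missing key or non-integer value counts as 'not disabled'."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    try:
        return cp.getint("General", "check_github") == 0
    except (configparser.Error, ValueError):
        return False


def assess(version_text, config_text):
    """Combine both checks into one status: patched, workaround or vulnerable."""
    patched = is_patched(version_text)
    workaround = git_updates_disabled(config_text)
    if patched:
        status = "patched"
    elif workaround:
        status = "workaround"
    else:
        status = "vulnerable"
    return {
        "version": parse_version(version_text),
        "patched": patched,
        "git_updates_disabled": workaround,
        "status": status,
    }


if __name__ == "__main__":
    print(assess("Tautulli v2.15.3", SAMPLE_CONFIG))
```

The workaround result only says the setting is present in the file; it still needs the service restart the advisory calls for before it takes effect, so treat "workaround" as a reason to schedule the upgrade, not as equivalent to "patched".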
📡 Detection & Monitoring
Log Indicators:
- Unusual git commands in Tautulli logs
- Shell command execution from Tautulli process
- Failed authentication attempts to admin interface
Network Indicators:
- Unusual outbound connections from Tautulli server
- Git protocol traffic to unexpected destinations
SIEM Query:
process.name: 'python' AND process.args: '*git*' AND process.parent.name: 'tautulli'
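The SIEM query above is easy to sanity-check offline before deploying it. The following is an added example, not code from Tautulli or from the advisory: it applies a literal reading of the query to process-creation events, and goes slightly beyond the query by also encoding the "shell command execution from Tautulli process" log indicator listed above and a rule for git invoked directly as a child process, which the query as written does not see because process.name is then 'git' rather than 'python'. The events are constructed for illustration; the ECS-style field names are taken from the query.

```python
"""Apply the advisory's detection logic to process events (added example).

Not code from Tautulli or the advisory. Events are constructed samples,
not real telemetry; field names follow the SIEM query on the page.
"""
import fnmatch

# Shell binaries counted as "shell command execution from Tautulli process".
SHELLS = {"sh", "bash", "dash", "zsh"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event.id": "e1", "process.name": "python",
     "process.args": ["python", "tautulli.py"],
     "process.parent.name": "systemd"},            # normal service start
    {"event.id": "e2", "process.name": "python",
     "process.args": ["python", "-c", "subprocess.run(['git', 'pull'])"],
     "process.parent.name": "tautulli"},           # matches the SIEM query
    {"event.id": "e3", "process.name": "sh",
     "process.args": ["sh", "-c", "id"],
     "process.parent.name": "tautulli"},           # shell spawned by Tautulli
    {"event.id": "e4", "process.name": "git",
     "process.args": ["git", "fetch", "origin"],
     "process.parent.name": "tautulli"},           # git binary called directly
]


def matches_siem_query(ev):
    """Literal reading of:
    process.name: 'python' AND process.args: '*git*' AND process.parent.name: 'tautulli'
    The '*git*' wildcard is tested with fnmatch against each argument."""
    return (ev.get("process.name") == "python"
            and any(fnmatch.fnmatchcase(arg, "*git*")
                    for arg in ev.get("process.args", []))
            and ev.get("process.parent.name") == "tautulli")


def shell_from_tautulli(ev):
    """The 'shell command execution from Tautulli process' indicator."""
    return (ev.get("process.name") in SHELLS
            and ev.get("process.parent.name") == "tautulli")


def git_from_tautulli(ev):
    """git invoked directly as a child: process.name is 'git', so the
    query above (which requires 'python') would not fire."""
    return (ev.get("process.name") == "git"
            and ev.get("process.parent.name") == "tautulli")


RULES = {
    "siem-query": matches_siem_query,
    "shell-from-tautulli": shell_from_tautulli,
    "git-from-tautulli": git_from_tautulli,
}


def classify(ev):
    """Names of the rules that fire for one event, in RULES order."""
    return [name for name, rule in RULES.items() if rule(ev)]


def scan(events):
    """event.id -> list of fired rule names, for events with at least one hit."""
    result = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            result[ev["event.id"]] = hits
    return result


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, ", ".join(hits))
```

Two tuning points follow from the sample: event e2 is exactly what a legitimate git-based update from an administrator looks like, so the rule needs a baseline (update windows, change tickets) rather than an automatic page; and the parent name 'tautulli' assumes the service is launched under that name, so confirm what process.parent.name actually holds on your hosts before relying on the query.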