CVE-2025-67493
📋 TL;DR
This vulnerability in Homarr allows privilege escalation and unauthorized access to other users' groups through crafted LDAP search queries, caused by insufficient sanitization of user input that is placed into LDAP queries. It affects all Homarr instances using LDAP authentication where an attacker has access to any user account. The vulnerability was patched in version 1.45.3.
💻 Affected Systems
- Homarr
📦 What is this software?
Homarr by Homarr
⚠️ Risk & Real-World Impact
Worst Case
An attacker with any user account could escalate privileges to administrative access, access sensitive data from other users' groups, and potentially compromise the entire Homarr instance and connected systems.
Likely Case
A malicious insider or a compromised user account could access unauthorized groups, modify dashboard configurations, and potentially gain administrative privileges within Homarr.
If Mitigated
With proper network segmentation and monitoring, impact would be limited to the Homarr instance itself without lateral movement to other systems.
🎯 Exploit Status
Exploitation requires authenticated access to any user account in LDAP-enabled Homarr instances. The vulnerability is in LDAP query construction.
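The bug class named above is LDAP filter injection: a login identifier is interpolated into a search filter without escaping, so filter metacharacters in it change what the directory search matches. The following is an added example in TypeScript (Homarr's own language), not code from Homarr or from the advisory; the attribute names (uid, member, groupOfNames) and the filter templates are assumptions for illustration. It shows the unsafe construction beside the RFC 4515 escaped form, and a structural check that counts filter assertions so a value that tries to add one is caught even before escaping is trusted.

```typescript
// Added example (not Homarr's code): build LDAP search filters from user input
// with RFC 4515 escaping so a login value cannot alter the filter's structure.

// RFC 4515 requires these five characters to be escaped inside a filter value.
const LDAP_FILTER_ESCAPES: Record<string, string> = {
  "\\": "\\5c",
  "*": "\\2a",
  "(": "\\28",
  ")": "\\29",
  "\u0000": "\\00",
};

// Escape a value that will be placed inside an LDAP filter assertion.
function escapeLdapFilterValue(value: string): string {
  return value.replace(/[\\*()\u0000]/g, (ch) => LDAP_FILTER_ESCAPES[ch] ?? ch);
}

// Unsafe construction: the login value is interpolated verbatim, so filter
// metacharacters in it become part of the filter grammar. Kept only as the
// "before" shape of the bug class described in the advisory.
function buildUserFilterUnsafe(loginValue: string, loginAttr: string = "uid"): string {
  return `(&(objectClass=person)(${loginAttr}=${loginValue}))`;
}

// Hardened construction: the attribute name comes from trusted configuration
// (never from the request) and the login value is escaped, so it can only be
// matched as a literal.
function buildUserFilter(loginValue: string, loginAttr: string = "uid"): string {
  return `(&(objectClass=person)(${loginAttr}=${escapeLdapFilterValue(loginValue)}))`;
}

// Group lookup for an already-resolved user DN (assumed schema: groupOfNames/member).
// The DN is still a filter value here, so the same escaping applies.
function buildGroupMembershipFilter(userDn: string, memberAttr: string = "member"): string {
  return `(&(objectClass=groupOfNames)(${memberAttr}=${escapeLdapFilterValue(userDn)}))`;
}

// Structural check: a filter built from one login value must contain exactly
// the number of filter elements its template had. Escaped parentheses become
// "\28" / "\29" and are not counted, so only injected structure raises it.
function countAssertions(filter: string): number {
  return (filter.match(/\(/g) ?? []).length;
}

// Constructed login value containing filter metacharacters, for demonstration.
const attempt = "alice)(uid=*";
console.log(buildUserFilterUnsafe(attempt), countAssertions(buildUserFilterUnsafe(attempt))); // 4 elements
console.log(buildUserFilter(attempt), countAssertions(buildUserFilter(attempt)));             // 3 elements
```

In practice the escaping function is the fix; the assertion count is a cheap second line of defence (or a unit test) that fails loudly if someone later bypasses the escaped builder.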
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.45.3
Vendor Advisory: https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q
Restart Required: Yes
Instructions:
1. Back up your Homarr configuration.
2. Update Homarr to version 1.45.3 or later using your deployment method (Docker, manual, etc.).
3. Restart the Homarr service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable LDAP Authentication
Temporarily switch to local authentication or disable authentication entirely until patching is possible.
Modify the Homarr configuration to use local auth or disable auth.
Network Segmentation
Restrict access to the Homarr instance to trusted networks only.
Configure firewall rules to limit Homarr access.
🧯 If You Can't Patch
- Implement strict access controls and monitor all LDAP authentication attempts
- Disable LDAP authentication and use alternative authentication methods
🔍 How to Verify
Check if Vulnerable:
Check the Homarr version and LDAP configuration. If the version is earlier than 1.45.3 and LDAP authentication is enabled, the instance is vulnerable.
Check Version:
Check Homarr web interface settings or container/image version
Verify Fix Applied:
Verify that the Homarr version is 1.45.3 or later and test that LDAP authentication still works.
📡 Detection & Monitoring
Log Indicators:
- Unusual LDAP query patterns
- Multiple failed authentication attempts followed by successful escalation
- User accessing groups they shouldn't have permissions for
Network Indicators:
- Unusual LDAP traffic patterns to Homarr instance
- Multiple authentication requests from single source
SIEM Query:
source="homarr" AND (event="ldap_query" OR event="authentication") AND (status="success" OR query="*") | stats count by user, source_ip
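Note that in Splunk-style syntax `query="*"` matches any value of that field, so the OR clause above does not narrow the results; the useful signal is whether the value that went into the LDAP query contains filter metacharacters, together with the failure/success and single-source patterns listed under the indicators. The following is an added example, not Homarr's code or the advisory's; the JSON log schema (fields ts, event, user, source_ip, status, search_value) and the sample lines are constructed for illustration, so map them onto the fields your deployment actually logs. It implements those three checks over the sample lines and returns findings plus the per-source request count that the SIEM query's stats clause is after.

```typescript
// Added example (not Homarr's code): screen LDAP-related log events for the
// indicators listed in the advisory. The JSON log schema is hypothetical and
// constructed for this example.

interface LdapEvent {
  ts: string;
  event: string;          // "ldap_query" or "authentication"
  user: string;
  source_ip: string;
  status: string;         // "success" or "failure"
  search_value?: string;  // raw login identifier placed into the LDAP search filter
}

interface Finding {
  reason: string;
  user: string;
  source_ip: string;
}

// Constructed sample log lines (not real Homarr output); the last one is deliberately malformed.
const SAMPLE_LOG_LINES: string[] = [
  '{"ts":"2025-01-10T09:00:01Z","event":"ldap_query","user":"alice","source_ip":"10.0.0.5","status":"success","search_value":"alice"}',
  '{"ts":"2025-01-10T09:00:04Z","event":"authentication","user":"alice","source_ip":"10.0.0.5","status":"success"}',
  '{"ts":"2025-01-10T09:01:10Z","event":"ldap_query","user":"bob","source_ip":"10.0.0.9","status":"success","search_value":"bob*"}',
  '{"ts":"2025-01-10T09:02:00Z","event":"authentication","user":"carol","source_ip":"203.0.113.7","status":"failure"}',
  '{"ts":"2025-01-10T09:02:02Z","event":"authentication","user":"carol","source_ip":"203.0.113.7","status":"failure"}',
  '{"ts":"2025-01-10T09:02:05Z","event":"authentication","user":"dave","source_ip":"203.0.113.7","status":"failure"}',
  '{"ts":"2025-01-10T09:02:09Z","event":"authentication","user":"carol","source_ip":"203.0.113.7","status":"success"}',
  'not json at all',
];

// Unescaped RFC 4515 filter metacharacters in a login identifier are a strong
// signal: a legitimate username or e-mail address never contains them.
const FILTER_METACHARS = /[*()\\\u0000]/;

function hasFilterMetacharacters(value: string): boolean {
  return FILTER_METACHARS.test(value);
}

// Parse one line; anything that is not a JSON object with the expected fields is skipped.
function parseLogLine(line: string): LdapEvent | null {
  try {
    const obj = JSON.parse(line);
    if (typeof obj.event !== "string" || typeof obj.user !== "string" || typeof obj.source_ip !== "string") {
      return null;
    }
    return obj as LdapEvent;
  } catch {
    return null;
  }
}

// Three checks mapped to the indicators above:
//  1. filter metacharacters in the value used to build the LDAP query,
//  2. a successful authentication after repeated failures for the same user,
//  3. a burst of authentication requests from one source IP.
function analyzeLdapLogs(
  lines: string[],
  burstThreshold: number = 3,
): { findings: Finding[]; requestsBySource: Record<string, number> } {
  const findings: Finding[] = [];
  const requestsBySource: Record<string, number> = {};
  const failuresByUser: Record<string, number> = {};

  for (const line of lines) {
    const ev = parseLogLine(line);
    if (ev === null) continue;

    if (ev.event === "ldap_query" && ev.search_value !== undefined && hasFilterMetacharacters(ev.search_value)) {
      findings.push({ reason: "ldap filter metacharacters in login value", user: ev.user, source_ip: ev.source_ip });
    }

    if (ev.event === "authentication") {
      requestsBySource[ev.source_ip] = (requestsBySource[ev.source_ip] ?? 0) + 1;
      if (ev.status === "failure") {
        failuresByUser[ev.user] = (failuresByUser[ev.user] ?? 0) + 1;
      } else if (ev.status === "success" && (failuresByUser[ev.user] ?? 0) >= 2) {
        findings.push({ reason: "success after repeated failures", user: ev.user, source_ip: ev.source_ip });
      }
    }
  }

  for (const ip of Object.keys(requestsBySource)) {
    if ((requestsBySource[ip] ?? 0) >= burstThreshold) {
      findings.push({ reason: "authentication burst from one source", user: "*", source_ip: ip });
    }
  }
  return { findings, requestsBySource };
}

console.log(JSON.stringify(analyzeLdapLogs(SAMPLE_LOG_LINES), null, 2));
```

The burst threshold and the "two failures then success" rule are deliberately low for the sample; tune them to your baseline, and keep the metacharacter check as a high-confidence alert on its own, since it does not depend on volume.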