Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-13315 PoC — Unauthenticated log access in Twonky Server

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-13315.yaml
Associated Vulnerability
Title:Unauthenticated log access in Twonky Server (CVE-2025-13315)
Description:Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Description
Twonky Server 8.5.2 contains a broken access control vulnerability caused by bypassing web service API authentication, letting unauthenticated attackers read log files with administrator credentials, exploit requires no authentication
File Snapshot

 id: CVE-2025-13315

info:
  name: Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
  aut

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →