Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Twonky Server Hard-Coded Cryptographic Keys Vulnerability Allowing Administrator Access

Vulnerability

A vulnerability exists in Twonky Server version 8.5.2 on both Linux and Windows platforms, due to the use of hard-coded cryptographic keys. Because the same static keys ship with every installation, an attacker who obtains the encrypted administrator password can decrypt it with those keys and thereby gain administrator-level access to the server. Exploitation of this vulnerability could lead to unauthorized control over all media files stored on the server.

Impact

Exploitation of this vulnerability allows an attacker to decrypt the administrator password and gain full administrative access to the Twonky Server instance, including control over all media files stored on the server.
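The weakness described above is the general hard-coded-key pattern (CWE-321): a credential stored in reversibly encrypted form under a key that is compiled into the product is recoverable by anyone who holds both the key and the stored value. The following is an added illustration written for this entry; it is not Twonky code, and the product's real cipher, key and storage format are not on this page. It assumes a constructed placeholder key, a toy keystream cipher standing in for whatever cipher a product might use, and PBKDF2 parameters chosen for illustration. The hardened half shows the defensive alternative: store only a salted, slow hash of the administrator password, so that a leaked record cannot be turned back into the password even when every key in the product is known.

```python
"""Added illustration (not Twonky code): why a credential "encrypted" under a
hard-coded key is recoverable from its stored form, and the hash-based
alternative that does not have this property."""
import hashlib
import hmac
import os

# --- Vulnerable pattern (CWE-321): a static key built into the product ---
# Constructed placeholder. In the vulnerable design every installation of the
# product carries this same key, so extracting it once from one copy is enough.
HARD_CODED_KEY = b"example-static-product-key-00000"


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode) standing in for a real cipher.
    The weakness demonstrated is the key handling, not the cipher choice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_with_static_key(password: str) -> bytes:
    """Reversible storage form: plaintext XOR keystream(HARD_CODED_KEY)."""
    pt = password.encode("utf-8")
    return bytes(a ^ b for a, b in zip(pt, _keystream(HARD_CODED_KEY, len(pt))))


def decrypt_with_static_key(blob: bytes) -> str:
    """The stored value plus the shipped key yields the original password.
    No secret unique to the installation is involved, which is the flaw."""
    pt = bytes(a ^ b for a, b in zip(blob, _keystream(HARD_CODED_KEY, len(blob))))
    return pt.decode("utf-8")


# --- Hardened pattern: salted, slow, one-way hash; nothing reversible stored ---
PBKDF2_ROUNDS = 100_000  # assumed illustrative value; tune per deployment


def hash_password(password: str) -> dict:
    """Return a record safe to persist: per-record random salt and PBKDF2 digest.
    Knowing every key in the product does not help invert this record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "rounds": PBKDF2_ROUNDS}


def verify_password(candidate: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["rounds"]
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    admin_pw = "s3cret-Admin"  # constructed sample value
    blob = encrypt_with_static_key(admin_pw)
    print("static-key scheme recovers:", decrypt_with_static_key(blob))
    rec = hash_password(admin_pw)
    print("hash scheme verifies correct password:", verify_password(admin_pw, rec))
    print("hash scheme rejects wrong password:", verify_password("guess", rec))
```

Two properties matter for a defender reviewing a product's credential storage: with the static-key scheme, `decrypt_with_static_key` needs nothing beyond the shipped key and the leaked blob; with the hash scheme, two records of the same password differ (random salt), and the only operation available is verification of a candidate, which is what the server actually needs.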

Reproduction

The vulnerability can be reproduced by first exploiting CVE-2025-13315, an authentication bypass that exposes an API endpoint which leaks the encrypted administrator password. Once the encrypted password is obtained, it can be decrypted using the hard-coded keys to retrieve the plaintext password, allowing access as an administrator.

Added: Nov 19, 2025, 6:28 PM
Updated: Nov 19, 2025, 7:29 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           6.8
  impact           5.0
  exploitability   9.4
  remediation      7.9
  relevance        1.0
  threat           9.4
  urgency          2.9
  incentive        10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.