Homarr Privilege Escalation Vulnerability via LDAP Injection
Vulnerability
A privilege escalation vulnerability has been identified in Homarr, an open-source dashboard, in versions through 1.45.2. The issue arises from inadequate input sanitization in LDAP search queries, allowing malicious actors with access to a user account to escalate privileges and gain access to groups of other users. This vulnerability affects all instances using LDAP authentication.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to access groups and permissions of other users.
Remediation
Users can upgrade to Homarr version 1.45.3 or later, which includes a patch for this vulnerability by validating LDAP input to prevent injection and ensuring that only one user matches the query. As a temporary workaround, LDAP authentication can be disabled, but this will prevent user login.
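An added TypeScript sketch (not Homarr's own code) of the two mitigations the advisory describes: escaping untrusted values before they enter an LDAP filter, and refusing a lookup that does not resolve to exactly one directory entry. Function names and the entry shape are hypothetical.

```typescript
// Added example, not Homarr's code. Escapes untrusted values for use in an
// LDAP search filter (RFC 4515 section 3) and enforces a single-match rule.

// Characters with special meaning in a filter assertion value and their
// \XX hex escapes.
const FILTER_ESCAPES: Record<string, string> = {
  "\\": "\\5c",
  "*": "\\2a",
  "(": "\\28",
  ")": "\\29",
  "\0": "\\00",
};

// Escape a single assertion value so it can only ever match literally.
function escapeLdapFilterValue(value: string): string {
  return value.replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Build the user-lookup filter from login input. The attribute name comes
// from server configuration and is checked against a strict pattern; the
// username is escaped rather than concatenated verbatim.
function buildUserFilter(usernameAttribute: string, username: string): string {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(usernameAttribute)) {
    throw new Error("invalid attribute name in LDAP configuration");
  }
  return `(${usernameAttribute}=${escapeLdapFilterValue(username)})`;
}

// Hypothetical minimal shape of a directory search result.
interface LdapEntry {
  dn: string;
  memberOf: string[];
}

// Authentication must resolve to exactly one entry. Zero or several matches
// are rejected so a broadened filter can never return another user's groups.
function selectSingleUser(entries: LdapEntry[]): LdapEntry {
  if (entries.length !== 1) {
    throw new Error(`expected exactly one LDAP match, got ${entries.length}`);
  }
  return entries[0];
}
```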
