Lynxtechnology: >> Twonky Server >> 8.5.2 Security Vulnerabilities
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
CVSS Score
8.1
EPSS Score
0.755
Published
2025-11-19
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
CVSS Score
9.8
EPSS Score
0.848
Published
2025-11-19