216.73.216.86

CVE-2025-55165

· Published 12/08/2025 21:15 · Modified 12/08/2025 21:15

Labels: CVE-2025-55165 2025-08-12CVE-2025-55165CWE-200[email protected]

Essential information

Published
12/08/2025 21:15
Modified
12/08/2025 21:15
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
autocaliweb / autocaliweb cpe:2.3:a:autocaliweb:autocaliweb:*:*:*:*:*:*:*:*

References