CVE-2025-13130 HIGH

CVE-2025-13130: Radarr Service Radarr.Console.exe default permission

Vendor N/A
Product Radarr
Weakness CWE-276
Published November 13, 2025
Last update November 14, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01 Description

A vulnerability has been found in Radarr 5.28.0.10274. It affects an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe in the Service component. Manipulating this element leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02 Disclosure timeline

November 13, 2025 CVE published
November 14, 2025 Record updated