Overview
CVE-2025-13131 identifies a high-severity vulnerability in Sonarr version 4.0.15.2940. The flaw is classified as incorrect default permissions and is triggered through manipulation of an unspecified function in the Sonarr.Console.exe file, located at C:\ProgramData\Sonarr\bin\Sonarr.Console.exe. The vendor acknowledges the vulnerability but classifies it as low severity, because Sonarr is commonly run under its default service user. Exploitation requires local access.
Technical Details
The vulnerability resides within an unspecified function of the Sonarr.Console.exe executable. Exploitation involves manipulating this function in a way that causes Sonarr to configure incorrect default permissions. Due to the local access requirement, an attacker would need existing access to the system running Sonarr to exploit this flaw. The specifics of the manipulation are detailed in the linked references. The root cause appears to be insufficient permission validation or handling during the configuration process.
CVSS Analysis
The vulnerability has been assigned a CVSS score of 7.8, indicating High severity. This score reflects the potential impact of successful exploitation, which could allow a local attacker to escalate privileges or compromise the security of the Sonarr service. While the vendor considers it low severity, the CVSS score suggests otherwise, especially if Sonarr is running under a privileged account. Given the local-access requirement and the privilege-escalation potential, the CVSS vector would be expected to reflect a local attack vector and an elevated-privileges outcome.
Possible Impact
Successful exploitation of CVE-2025-13131 could lead to several adverse outcomes:
- Privilege Escalation: An attacker could potentially elevate their privileges on the system by exploiting the incorrect permissions.
- Data Exposure: Depending on the permissions granted, sensitive data managed by Sonarr could be exposed.
- Service Compromise: The Sonarr service itself could be compromised, leading to unauthorized access or modification of its settings and data.
While the vendor downplays the severity, it’s crucial to understand the potential risks, especially in environments where Sonarr is running with higher privileges than the default user.
Mitigation or Patch Steps
Currently, a patch is not available. According to the vendor, a fix is planned for the next major release, version 5, of Sonarr. In the meantime, the following mitigation steps are recommended:
- Restrict Local Access: Minimize the number of users with local access to the system running Sonarr.
- Monitor System Activity: Implement monitoring solutions to detect suspicious activity that could indicate exploitation attempts.
- Use Least Privilege: Ensure that the Sonarr service is running under the default, least privileged user account. Avoid running it under accounts with elevated privileges unless absolutely necessary.
- Stay Updated: Monitor the Sonarr release notes and upgrade to version 5 as soon as it becomes available.
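The following PowerShell audit is added here as an example; it is not taken from the advisory or from the Sonarr project. It checks the two conditions the mitigation steps turn on: whether any broad local principal holds write-class rights on Sonarr.Console.exe or the directories it is loaded from (the class of "incorrect default permissions" described under Technical Details), and which account the Sonarr service runs under (the "Use Least Privilege" step). The binary path is the one quoted in the advisory; the service name "Sonarr", the list of broad principals and the set of rights treated as write-class are assumptions to adjust for your install.

```powershell
# Added audit script (example only): not from the advisory or the Sonarr project.
# Assumptions (adjust for your install): the binary path quoted in the advisory,
# and a Windows service named "Sonarr" (assumed name; confirm in services.msc).
param(
    [string]$BinaryPath  = 'C:\ProgramData\Sonarr\bin\Sonarr.Console.exe',
    [string]$ServiceName = 'Sonarr'
)

# Principals that effectively mean "any local user". None of them should be able
# to write to a service binary or to the directory the service loads it from.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a user replace or alter the executable, or change who can.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteRights = $fsr::Write -bor $fsr::Modify -bor $fsr::FullControl -bor
               $fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
               $fsr::TakeOwnership -bor $fsr::ChangePermissions

function Test-BroadWriteAccess {
    # Emits one object per Allow ACE that grants a broad principal write-class rights.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if ([int]($ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# 1. File-system check: the binary itself, its bin directory, and the Sonarr data root.
$paths = @(
    $BinaryPath,
    (Split-Path -Parent $BinaryPath),
    (Split-Path -Parent (Split-Path -Parent $BinaryPath))
)
$findings = @(foreach ($p in $paths) { Test-BroadWriteAccess -Path $p })

if ($findings.Count -eq 0) {
    Write-Output 'No broad write access found on the Sonarr binary or its directories.'
} else {
    Write-Output 'Broad principals with write-class rights (review, then tighten with icacls or Set-Acl):'
    $findings | Format-Table -AutoSize
}

# 2. Service identity check: a writable binary matters far more when the service
#    that loads it runs as LocalSystem or another privileged account.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if ($null -eq $svc) {
    Write-Warning "Service '$ServiceName' not found; confirm the actual service name in services.msc."
} else {
    Write-Output "Service '$($svc.Name)' runs as '$($svc.StartName)' from: $($svc.PathName)"
    if ($svc.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$') {
        Write-Warning 'Service runs as SYSTEM: anyone able to modify the binary would inherit that privilege.'
    }
}
```

Run it from an elevated PowerShell session on the Sonarr host; it only reads ACLs and service metadata and changes nothing. A non-empty findings table combined with a privileged service account is the configuration the Possible Impact section warns about, and is the case to remediate first, by removing the broad write grants and moving the service to the default, least-privileged user.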
