Vulnerability Description
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inmusicbrands | Engine Dj Desktop | >= 3.0.0, < 4.3.4 |
| Apple | Macos | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/audiopump/cve-2025-66723ExploitThird Party Advisory
- https://www.inmusicbrands.com/Product
FAQ
What is CVE-2025-66723?
CVE-2025-66723 is a vulnerability with a CVSS score of 7.5 (HIGH). inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.
How severe is CVE-2025-66723?
CVE-2025-66723 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-66723?
Check the references section above for vendor advisories and patch information. Affected products include: Inmusicbrands Engine Dj Desktop, Apple Macos, Microsoft Windows.