CVE-2025-66723

Published: Dec 30, 2025Modified: Jan 5, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.

Affected (1)

Products: Inmusicbrands: Engine Dj Desktop

Inmusicbrands

1 product

Engine Dj Desktop

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Inmusicbrands Engine Dj Desktop	From 3.0.0 to 4.3.4

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://github.com/audiopump/cve-2025-66723

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.inmusicbrands.com/

Source: cve@mitre.org

Product

Timeline

No history available yet.