CVE-2025-68621

NVD (NIST)
Published: Feb 6, 2026
Modified: Feb 24, 2026

CVSS score: 7.4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 / Impact: 5.2
Source: security-advisories@github.com (Secondary)

Description

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes byte-by-byte through statistical timing analysis. This enables complete authentication bypass without knowledge of the password, granting full read/write access to the victim's knowledge base. This vulnerability is fixed in 0.101.0.

Affected (1)

1 product
Trilium
Configuration A
1 vulnerable
Vulnerable Software: Trilium
Affected Versions: Before 0.101.0

References (2)

Source: security-advisories@github.com
Tags: Issue Tracking, Patch
Source: security-advisories@github.com
Tags: Exploit, Mitigation, Patch, Vendor Advisory
