audiopump/cve-2025-66723

Releases0

CVE-2025-66723: inMusic Brands Engine DJ >=3.0.0 through <4.3.4 exposes local and network files to external parties

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66723 ↗	Dec 30, 2025Tuesday, 30 December 2025, 21:15	7.5 HIGH	—
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.