Description

inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.

Related CPE's

a

inmusicbrands

engine_dj_desktop

Vulnerable

o

apple

macos

-

o

microsoft

windows

-

References

https://github.com/audiopump/cve-2025-66723

ExploitThird Party Advisory

https://www.inmusicbrands.com/

Product

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-732

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T21:15:44.120Z

3 weeks ago

Last modified

2026-01-05T20:25:53.490Z

2 weeks ago