azuracast CVE Vulnerabilities & Metrics

Focus on azuracast vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About azuracast Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with azuracast. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total azuracast CVEs: 3
Earliest CVE date: 20 Apr 2023, 02:15 UTC
Latest CVE date: 12 Dec 2025, 07:15 UTC

Latest CVE reference: CVE-2025-67737

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical azuracast CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS azuracast CVEs

These are the five CVEs with the highest CVSS scores for azuracast, sorted by severity first and recency.

CVE-2025-67737 azuracast Published on 12 Dec 2025, 07:15 UTC (CVSS: 0)
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a station's operations can craft a custom HTTP request that would affect the contents of a station's d...
CVE-2023-2531 azuracast Published on 05 May 2023, 01:15 UTC (CVSS: 0)
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.
CVE-2023-2191 azuracast Published on 20 Apr 2023, 02:15 UTC (CVSS: 0)
Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.

All CVEs for azuracast

CVE-2025-67737 azuracast vulnerability CVSS: 0 12 Dec 2025, 07:15 UTC

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a station's operations can craft a custom HTTP request that would affect the contents of a station's database, without revealing any internal information about the station. In order to carry out an attack, a malicious user would need to know a valid SFTP station username and the coordinating internal filesystem structure. This issue is fixed in version 0.23.2.

CVE-2023-2531 azuracast vulnerability CVSS: 0 05 May 2023, 01:15 UTC

Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.

CVE-2023-2191 azuracast vulnerability CVSS: 0 20 Apr 2023, 02:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.