{"id":9709,"date":"2025-08-04T20:53:35","date_gmt":"2025-08-04T20:53:35","guid":{"rendered":"http:\/\/localhost\/?p=9709"},"modified":"2025-08-04T20:53:35","modified_gmt":"2025-08-04T20:53:35","slug":"trilium-notes-is-vulnerable-to-brute-force-protection-bypass-via-initial-sync-seed-retrieval","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9709","title":{"rendered":"Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTrilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-05T00:14:33.857Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-05T00:14:33.857Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTriliumNext<\/td>\n<\/tr>\n
Product<\/th>\nTrilium<\/td>\n<\/tr>\n
Version<\/th>\n< 0.97.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.5 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nTrilium Notes has a brute-force protection bypass vulnerability that allows attackers to guess login passwords without rate limiting. This is particularly concerning as Trilium can be exposed to the internet. The issue is fixed in version 0.97.0.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nTriliumNext<\/td>\n<\/tr>\n
AI Product<\/th>\nTrilium Notes<\/td>\n<\/tr>\n
AI Version<\/th>\n< 0.97.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n