CVE-2025-53908: CWE-26: Path Traversal: '/dir/../filename' in rommapp romm
RomM is a self-hosted ROM manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM who has multiple users, even unprivileged users such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.
AI Analysis
Technical Summary
CVE-2025-53908 is a high-severity authenticated path traversal vulnerability affecting RomM, a self-hosted ROM manager and player application. The vulnerability exists in versions prior to 3.10.3 and 4.0.0-beta.3 within the `/api/raw` endpoint. This endpoint improperly validates user-supplied file paths, allowing an authenticated user with limited privileges (such as a kiosk user) to traverse directories using sequences like '/dir/../filename'. Exploiting this flaw enables attackers to access arbitrary files on the server, including sensitive files that may contain stored passwords and user information. The vulnerability does not require user interaction beyond authentication but does require at least low-level privileges. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no user interaction, and privileges required at a low level, with high impact on confidentiality and scope change due to potential leakage of sensitive data. Although no known exploits are reported in the wild yet, the vulnerability poses a significant risk to the confidentiality of stored credentials and user data. The issue has been patched in versions 3.10.3 and 4.0.0-beta.3 of RomM, and users are strongly advised to upgrade to these or later versions to mitigate the risk.
Potential Impact
For European organizations using RomM, especially those deploying it in multi-user environments or public kiosks, this vulnerability could lead to unauthorized disclosure of sensitive credentials and user data. This leakage could facilitate further attacks such as privilege escalation, lateral movement, or compromise of other connected systems. Organizations relying on RomM for managing ROM collections or related digital assets may face data breaches impacting user privacy and operational security. The exposure of passwords and user information could also lead to reputational damage and regulatory consequences under GDPR if personal data is involved. Since the vulnerability requires authentication but can be exploited by low-privileged users, insider threats or compromised accounts pose a significant risk. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure.
Mitigation Recommendations
European organizations should immediately upgrade RomM installations to version 3.10.3 or 4.0.0-beta.3 or later, where the vulnerability is patched. Additionally, organizations should audit user roles and permissions to ensure minimal necessary privileges are assigned, particularly for kiosk or guest users. Implement strict access controls and monitoring on the `/api/raw` endpoint to detect unusual file access patterns indicative of path traversal attempts. Employ network segmentation to isolate RomM servers from critical infrastructure to limit potential lateral movement. Regularly review and rotate stored credentials and consider encrypting sensitive files at rest to reduce impact if accessed. Finally, maintain up-to-date backups and incident response plans tailored to data leakage scenarios involving internal applications.
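The two controls recommended above, confining the file path handed to `/api/raw` to the library root and monitoring the endpoint for traversal attempts, as an added Python example. This is not RomM's code and is not taken from the advisory: the `LIBRARY_ROOT` path, the access-log format and the log lines are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# Hypothetical library root; RomM's real directory layout is not assumed here.
LIBRARY_ROOT = "/srv/romm/library"


def resolve_within_root(user_path: str, root: str = LIBRARY_ROOT) -> str:
    """Return the canonical absolute path for a user-supplied path, or raise
    ValueError if the resolved path leaves `root`.

    Both sides are canonicalised with realpath so '..' segments, duplicate
    separators and symlinks are collapsed before the containment check.
    """
    root_real = os.path.realpath(root)
    # Treat the input as relative to the root even if it starts with '/'.
    candidate = os.path.realpath(os.path.join(root_real, user_path.lstrip("/")))
    # commonpath is segment-aware: '/srv/romm/library2' is not inside '/srv/romm/library'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes library root: {user_path!r}")
    return candidate


def is_confined(user_path: str, root: str = LIBRARY_ROOT) -> bool:
    """Boolean wrapper around resolve_within_root for callers that only need a verdict."""
    try:
        resolve_within_root(user_path, root)
        return True
    except ValueError:
        return False


# A '..' path segment, checked after percent-decoding so encoded separators are seen too.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def has_traversal(raw_path: str) -> bool:
    """True if the request path contains a '..' segment once decoded (twice, to
    cover double-encoded input)."""
    decoded = unquote(unquote(raw_path))
    return bool(TRAVERSAL_RE.search(decoded))


# Constructed access-log lines in a common combined-log shape (not real RomM logs).
SAMPLE_LOG = """\
10.0.0.5 - kiosk [16/Jul/2025:20:01:29 +0000] "GET /api/raw/roms/snes/game.sfc HTTP/1.1" 200 4096
10.0.0.7 - kiosk [16/Jul/2025:20:02:10 +0000] "GET /api/raw/roms/../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.7 - kiosk [16/Jul/2025:20:02:11 +0000] "GET /api/raw/roms/..%2f..%2fconfig.yml HTTP/1.1" 200 512
10.0.0.9 - admin [16/Jul/2025:20:03:00 +0000] "GET /api/platforms HTTP/1.1" 200 128
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) '
)


def find_traversal_attempts(log_text: str, endpoint: str = "/api/raw"):
    """Return (ip, user, path) for every request to `endpoint` whose path
    contains a traversal segment. Feed this the web server or reverse-proxy
    access log in front of RomM."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.startswith(endpoint) and has_traversal(path):
            hits.append((m.group("ip"), m.group("user"), path))
    return hits


if __name__ == "__main__":
    print(resolve_within_root("roms/snes/game.sfc"))
    print(is_confined("roms/../../../etc/passwd"))
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The containment check deliberately runs after canonicalisation rather than rejecting the literal string `..`: an input such as `/dir/../filename` stays inside the root and is accepted, while `roms/../../../etc/passwd` resolves outside it and is refused, which is the distinction CWE-26 is about. The log scanner is the monitoring half: pair it with the rule that any hit from a kiosk or guest account is worth an alert, since the advisory notes those accounts are sufficient to exploit the flaw.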
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-11T19:05:23.827Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68780519a83201eaacde16d8
Added to database: 7/16/2025, 8:01:29 PM
Last enriched: 7/24/2025, 1:04:02 AM
Last updated: 8/27/2025, 6:42:23 PM