CVE-2025-24900

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to 12.25Q1.1, the authentication cookie does not have the SameSite attribute. This allows an attacker to bypass MediaProxy authentication and load any image without restrictions under certain circumstances. In versions prior to 12.24Q2.3, this cookie was also used to authenticate the job queue management page (bull-board), so bull-board authentication is also bypassed. This may enable attacks that have a significant impact on availability and integrity. The affected versions are too old to be covered by this advisory, but the maintainers of Concorde strongly recommend not using older versions. Version 12.25Q1.1 contains a patch. There is no effective workaround other than updating.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/nexryai/concorde/commit/2309b4a292828ddba4d57cf0e914bc433095871d
https://github.com/nexryai/concorde/commit/f3f54bde6a37ad310f83ae46de54a286c4b74059
https://github.com/nexryai/concorde/security/advisories/GHSA-5hgq-9vw8-7v87

Configurations

No configuration.

History

11 Feb 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 16:15

Updated : 2025-02-11 16:15

NVD link : CVE-2025-24900

Mitre link : CVE-2025-24900

CVE.ORG link : CVE-2025-24900

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-24900", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2025-02-11T16:15:51.763", "references": [{"url": "https://github.com/nexryai/concorde/commit/2309b4a292828ddba4d57cf0e914bc433095871d", "source": "security-advisories@github.com"}, {"url": "https://github.com/nexryai/concorde/commit/f3f54bde6a37ad310f83ae46de54a286c4b74059", "source": "security-advisories@github.com"}, {"url": "https://github.com/nexryai/concorde/security/advisories/GHSA-5hgq-9vw8-7v87", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to 12.25Q1.1, the authentication cookie does not have the SameSite attribute. This allows an attacker to bypass MediaProxy authentication and load any image without restrictions under certain circumstances. In versions prior to 12.24Q2.3, this cookie was also used to authenticate the job queue management page (bull-board), so bull-board authentication is also bypassed. This may enable attacks that have a significant impact on availability and integrity.\nThe affected versions are too old to be covered by this advisory, but the maintainers of Concorde strongly recommend not using older versions. Version 12.25Q1.1 contains a patch. There is no effective workaround other than updating."}], "lastModified": "2025-02-11T16:15:51.763", "sourceIdentifier": "security-advisories@github.com"}