CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-vpmc-3fv2-jmgp

Configurations

No configuration.

History

05 Jun 2025, 20:12

Type	Values Removed	Values Added
Summary		(es) FreshRSS es un agregador de feeds RSS autoalojado. Una vulnerabilidad en versiones anteriores a la 1.26.2 provoca que se cierre repetidamente la sesión del usuario tras obtener una entrada maliciosa, lo que provoca una denegación de servicio. La versión 1.26.2 incluye un parche para este problema.

04 Jun 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-04 20:15

Updated : 2025-06-05 20:12

NVD link : CVE-2025-31482

Mitre link : CVE-2025-31482

CVE.ORG link : CVE-2025-31482

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10