FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Freshrss |
|
No data.
References
History
Tue, 12 Aug 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:* |
Wed, 04 Jun 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 04 Jun 2025 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue. | |
| Title | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-06-04T19:50:58.615Z
Updated: 2025-06-04T20:46:27.779Z
Reserved: 2025-03-28T13:36:51.297Z
Link: CVE-2025-31482
Vulnrichment
Updated: 2025-06-04T20:46:24.718Z
NVD
Status : Analyzed
Published: 2025-06-04T20:15:23.013
Modified: 2025-08-12T15:21:32.777
Link: CVE-2025-31482
Redhat
No data.