CNNVD-202507-1681 Information

CNNVD ID

CNNVD-202507-1681

Related CVE

CVE-2025-43856

• CNNVD Published: 2025-07-11

Description (Chinese)

immich是Immich开源的一个高性能自托管照片和视频管理解决方案。 immich 1.132.0之前版本存在安全漏洞，该漏洞源于未检查oauth2状态参数，可能导致账户劫持。

Description (English)

Immich is a high-performance self-hosting photo and video management solution for Immich. An earlier version of immich 1.132.2 had a security loophole, which stemmed from the failure to check the parameters of oauth2 status, which could lead to the hijacking of accounts.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

imonnit.com

Published

2025-07-11

Last Modified

2026-02-24

References

https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm https://access.redhat.com/security/cve/cve-2025-43856

Patch

https://github.com/immich-app/immich/releases