CNNVD-202508-075 Information

CNNVD ID

CNNVD-202508-075

CVE-2025-54593

  • CNNVD Published: 2025-08-01

Description

FreshRSS is a free, self-hostable RSS aggregator developed as open source by the FreshRSS project. FreshRSS 1.26.1 and earlier versions contain a code injection vulnerability, which arises because an administrator can modify the update URL and which could lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

FreshRSS

Published

2025-08-01

Last Modified

2026-02-24

References

  • https://github.com/FreshRSS/FreshRSS/commit/dbdadbb4107878d9233f635c31a88afe45957101
  • https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jcww-48g9-wf57
  • https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.2
  • https://github.com/FreshRSS/FreshRSS/pull/7477
  • https://access.redhat.com/security/cve/cve-2025-54593

Patch

https://github.com/FreshRSS/FreshRSS/releases
