CNNVD-202509-4330 Information

CNNVD ID

CNNVD-202509-4330

CVE-2025-54875

  • CNNVD Published: 2025-09-29

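Description (translated from Chinese)

FreshRSS is a free, self-hostable RSS aggregator from the open-source FreshRSS project. FreshRSS versions 1.16.0 through 1.26.3 contain an access control error vulnerability. The vulnerability arises because, when the registration feature is enabled, an unauthorized attacker can use a hidden field to create an administrator account, which may lead to privilege escalation.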

Description (English)

FreshRSS is a free, self-hostable RSS aggregator. FreshRSS versions 1.16.0 to 1.26.3 have an access control error vulnerability: when the registration function is enabled, an unauthorized attacker can create administrator accounts using hidden fields, which could lead to privilege escalation.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

FreshRSS

Published

2025-09-29

Last Modified

2026-02-24

References

  • https://github.com/FreshRSS/FreshRSS/pull/7783
  • https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
  • https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-h625-ghr3-jppq

Patch

https://github.com/FreshRSS/FreshRSS/releases
