CNNVD-202509-4333 Information

CNNVD ID

CNNVD-202509-4333

CVE-2025-54592

  • CNNVD Published: 2025-09-29

Description (Chinese)

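FreshRSS is a free, self-hostable RSS aggregator open-sourced by FreshRSS. FreshRSS 1.26.3 and earlier versions contain a code issue vulnerability: the session is not properly terminated on logout, which may lead to session hijacking and session fixation.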

Description (English)

FreshRSS is a free, self-hostable RSS aggregator from the FreshRSS open-source project. FreshRSS 1.26.3 and earlier versions have a code flaw that stems from sessions not being properly terminated at logout, which could lead to session hijacking and session fixation.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

FreshRSS

Published

2025-09-29

Last Modified

2026-02-24

References

https://github.com/FreshRSS/FreshRSS/pull/7762
https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-42v4-65f8-5wgr

Patch

https://github.com/FreshRSS/FreshRSS/releases
