CNNVD-202509-4337 Information
Sep 29, 2025
CNNVD ID
CNNVD-202509-4337
Related CVE
- CNNVD Published: 2025-09-29
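Description (translated from Chinese)
FreshRSS is a free, self-hostable RSS aggregator, open-sourced by FreshRSS. FreshRSS 1.26.3 and earlier versions contain an access control error vulnerability. The vulnerability stems from a missing access check in the FreshRSS_Auth::hasAccess function and may lead to information disclosure.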
Description (English)
FreshRSS is a free, self-hostable RSS aggregator from the FreshRSS open-source project. FreshRSS 1.26.3 and earlier versions have an access control flaw caused by a missing access check in the FreshRSS_Auth::hasAccess function, which may lead to information disclosure.
Hazard Level
Medium
Vulnerability Type
Access control error
Affected Vendor
FreshRSS
Published
2025-09-29
Last Modified
2026-02-24
References
https://github.com/FreshRSS/FreshRSS/pull/7768
https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jf4v-f8p2-8xvq
Patch
https://github.com/FreshRSS/FreshRSS/releases