CNNVD-202509-4546 Information

CNNVD ID

CNNVD-202509-4546

Related CVE

CVE-2025-61586

• CNNVD Published: 2025-09-30

Description (Chinese)

FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS 1.26.3及之前版本存在安全漏洞，该漏洞源于主题字段中路径设置不当，可能导致目录枚举攻击。

Description (English)

FreshRSS is a free, self-serving RSS polymer for FreshRSS. There is a security loophole in FreshRSS 1.26.3 and previous versions, which stems from inappropriate routing in the subject field, which could lead to a catalogue of attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

FreshRSS

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/FreshRSS/FreshRSS/commit/6549932d59aef3b72a9da29294af0f30ffb77af5 https://github.com/FreshRSS/FreshRSS/pull/7722 https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-w35p-p867-qr4f

Patch

https://github.com/FreshRSS/FreshRSS/releases