CNNVD-202509-4549 Information

CNNVD ID

CNNVD-202509-4549

CVE-2025-59950

  • CNNVD Published: 2025-09-30

Description (Chinese)

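FreshRSS is a free, self-hostable RSS aggregator, open-sourced by FreshRSS. FreshRSS 1.26.3 and earlier versions contain a security vulnerability that stems from a bypass of the double clickjacking protection, which may lead to privilege escalation and account takeover.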

Description (English)

FreshRSS is a free, self-hostable RSS aggregator. FreshRSS 1.26.3 and earlier versions contain a security vulnerability that stems from a bypass of the double clickjacking protection, which may lead to privilege escalation and account takeover.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FreshRSS

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/FreshRSS/FreshRSS/pull/7771
https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-j66v-hvqx-5vh3

Patch

https://github.com/FreshRSS/FreshRSS/releases
