CNNVD-202510-1651 Information
CNNVD ID
CNNVD-202510-1651
Related CVE
- CNNVD Published: 2025-10-13
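Description (translated from Chinese)
Mastodon is an open-source, ActivityPub-based social network server released as open source by Mastodon. Mastodon versions before 4.4.6, before 4.3.14, and before 4.2.27 contain a security vulnerability. The vulnerability stems from streaming API connections not being disconnected when a user account is disabled or suspended, which may allow the disabled account to continue receiving real-time updates.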
Description (English)
Mastodon is an open-source social network server based on ActivityPub. Mastodon versions before 4.4.6, 4.3.14 and 4.2.27 have a security vulnerability: when a user account is disabled or suspended, its streaming API connection is not disconnected, so the disabled account may continue to receive real-time updates.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Mastodon
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-r2fh-jr9c-9pxh
https://github.com/mastodon/mastodon/commit/2971ac9863b91372e68ac152caf6f4dbff511d17
https://access.redhat.com/security/cve/cve-2025-62175
Patch
https://github.com/mastodon/mastodon/releases