CNNVD-202510-1652 Information

CNNVD ID

CNNVD-202510-1652

CVE-2025-62174

  • CNNVD Published: 2025-10-13

Description (Chinese)

Mastodon is an open-source social network server based on ActivityPub, developed by Mastodon. Mastodon versions prior to 4.4.6, 4.3.14 and 4.2.27 contain a code problem vulnerability. The vulnerability stems from the fact that active sessions and access tokens are not revoked when an administrator resets a user's password via the command-line interface, which may allow an attacker to continue using the account whose password was reset.

Description (English)

Mastodon is an open-source social network server based on ActivityPub. Mastodon versions prior to 4.4.6, 4.3.14 and 4.2.27 contain a code problem vulnerability: when an administrator resets a user's password via the command-line interface, the account's existing active sessions and access tokens are not revoked, so an attacker may continue to use the account whose password was reset.

Hazard Level

High

Vulnerability Type

Code problem

Affected Vendor

Mastodon

Published

2025-10-13

Last Modified

2026-02-24

References

  • https://github.com/mastodon/mastodon/commit/1631fb80e8029d2c5425a03a2297b93f7e225217
  • https://github.com/mastodon/mastodon/security/advisories/GHSA-f3q3-rmf7-9655
  • https://access.redhat.com/security/cve/cve-2025-62174

Patch

https://github.com/mastodon/mastodon/releases