CNNVD-202510-2730 Information
CNNVD ID
CNNVD-202510-2730
Related CVE
-
CNNVD Published: 2025-10-21
Description (Chinese)
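Mastodon is an open-source social network server based on ActivityPub, developed by Mastodon. Mastodon versions before 4.4.8 and before 4.5.0-beta.2 contain a code issue vulnerability, which stems from improper handling of reblogged statuses and may allow the quote control feature to be bypassed.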
Description (English)
Mastodon is an open-source social network server based on ActivityPub. Mastodon versions before 4.4.8 and before 4.5.0-beta.2 contain a code issue vulnerability that stems from incorrect handling of reblogged statuses and may allow the quote control feature to be bypassed.
Hazard Level
High
Vulnerability Type
Code Issue
Affected Vendor
Mastodon
Published
2025-10-21
Last Modified
2026-02-24
References
https://github.com/mastodon/mastodon/releases/tag/v4.4.8
https://github.com/mastodon/mastodon/releases/tag/v4.5.0-beta.2
https://github.com/mastodon/mastodon/commit/405a49df44033e7d179f3d44d59fb68a67d54789
https://github.com/mastodon/mastodon/commit/2dc4552229b55e2e4adaef675e68ed7ae123d78e
https://github.com/mastodon/mastodon/security/advisories/GHSA-8h43-rcqj-wpc6
https://access.redhat.com/security/cve/cve-2025-62605
Patch
https://github.com/mastodon/mastodon/releases