CNNVD-202512-2751 Information

Dec 16, 2025 cve

CNNVD ID

CNNVD-202512-2751

CVE-2025-58173

  • CNNVD Published: 2025-12-16

Description (Chinese)

FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS存在路径遍历漏洞。攻击者利用该漏洞可以执行代码。

Description (English)

FreshRSS is a free, self-serving RSS polymer for FreshRSS. FreshRSS has a loophole in its path. The attackers used the loophole to enforce the code.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

FreshRSS

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/FreshRSS/FreshRSS/commit/79604aa4b3051f083d1734bd9e82c6a89d785c5a#diff-49280171b6e7964e21a0270427e56eacb47b8ac562593a01ad4bc74b49f840c7R135 https://github.com/FreshRSS/FreshRSS/pull/7979 https://github.com/FreshRSS/FreshRSS/pull/7878 https://github.com/FreshRSS/FreshRSS/commit/dbbae15a8458679db0f4540dacdbdcff9c02ec8c#diff-63f610c36d0f2555c1787f6d0804f46f4df6e0f918dfe03408309039abf6efebL85-L88 https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-6c8h-w3j5-j293 https://github.com/FreshRSS/FreshRSS/pull/7971 https://github.com/FreshRSS/FreshRSS/commit/ee175dd6169a016fc898fac62d046e22c205dec0#diff-6ebff7743ede829cf5a7f0e4566b42023a2d4779cc8d7e96fefec116f2292174R190-R194 https://access.redhat.com/security/cve/cve-2025-58173

Share on: