CNNVD-202512-4023 Information

CNNVD ID

CNNVD-202512-4023

Related CVE

CVE-2025-68667

• CNNVD Published: 2025-12-23

Description (Chinese)

continuwuity是continuwuity开源的一个家庭服务器。 continuwuity 0.5.0之前版本存在安全漏洞，该漏洞源于未验证签名请求的来源，可能导致服务器为任意成员事件进行加密签名。

Description (English)

Continuwuity is a home server that is an open source of continuwuity. There was a security loophole in the pre-continucity 0.5.0 version, which originated from the source of the unverified signature request and could lead the server to encrypt the signature for any member event.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

continuwuity

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/continuwuity/continuwuity/security/advisories/GHSA-22fw-4jq7-g8r8 https://github.com/matrix-construct/tuwunel/commit/dc9314de1f8a6e040c5aa331fe52efbe62e6a2c3 https://gitlab.computer.surgery/matrix/grapevine/-/commit/9a50c2448abba6e2b7d79c64243bb438b351616c https://forgejo.ellis.link/continuwuation/continuwuity/commit/b2bead67ac8bc45de9a612578f295e5b7fc6c2b5 https://forgejo.ellis.link/continuwuation/continuwuity/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047 https://gitlab.com/famedly/conduit/-/releases/v0.10.10

Patch

https://github.com/continuwuity/continuwuity/releases