CNNVD-202512-4854 Information

CNNVD ID

CNNVD-202512-4854

CVE-2025-68932

  • CNNVD Published: 2025-12-27

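Description (translated from Chinese)

FreshRSS is a free, self-hostable RSS aggregator, open-sourced by FreshRSS. Versions of FreshRSS before 1.28.0 contain a security features vulnerability. It stems from the use of a weak random number generator to generate session tokens, which may lead to account takeover.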

Description (English)

FreshRSS is a free, self-hostable RSS aggregator. Versions of FreshRSS before 1.28.0 have a security features vulnerability: session tokens are generated with a weak random number generator, which may lead to account takeover.

Hazard Level

Critical

Vulnerability Type

Security features issue

Affected Vendor

FreshRSS

Published

2025-12-27

Last Modified

2026-02-24

References

  • https://github.com/FreshRSS/FreshRSS/pull/8061
  • https://github.com/FreshRSS/FreshRSS/commit/57e1a375cbd2db9741ff19167813344f8eff5772
  • https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-j9wc-gwc6-p786
  • https://access.redhat.com/security/cve/cve-2025-68932

Patch

https://github.com/FreshRSS/FreshRSS/releases
