CVE-2025-31134

Medium CVSS: 5.5

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.

Vendor

Freshrss

Product

Freshrss

CWE

CWE-201

Yayın Tarihi

2025-06-04 20:15:22

Güncelleme

2025-06-10 15:08:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-201 Freshrss MEDIUM Freshrss 2025

Referanslar

https://github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438 https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65 https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65

Benzer Kayıtlar

High

CVE-2025-62166

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication…

Medium

CVE-2025-68148

FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny…

Low

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random n…

Medium

CVE-2025-59949

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vuln…

High

CVE-2025-58173

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the `lan…

Medium

CVE-2025-61586

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by s…