CVE-2025-59948

Exploit

EPSS 0.03%
Veröffentlicht 29.09.2025 23:15:32
Zuletzt bearbeitet 03.10.2025 15:55:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState()
If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freshrss ≫ Freshrss Version < 1.27.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	6.7	1.2	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0

Release Notes

https://github.com/FreshRSS/FreshRSS/commit/7df6c201f2e6a6521d20718dfd8d9794c7437d1f

Patch

https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-rwhf-vjjx-gmm9

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-59948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59948

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59948