CVE-2025-66402

Exploit

EPSS 0.04%
Veröffentlicht 15.12.2025 23:09:57
Zuletzt bearbeitet 06.01.2026 19:42:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Misskey ≫ Misskey Version >= 13.1.0 < 2025.12.0

Misskey ≫ Misskey Version13.0.0 Update-

Misskey ≫ Misskey Version13.0.0 Updatebeta16

Misskey ≫ Misskey Version13.0.0 Updatebeta21

Misskey ≫ Misskey Version13.0.0 Updatebeta22

Misskey ≫ Misskey Version13.0.0 Updatebeta23

Misskey ≫ Misskey Version13.0.0 Updatebeta24

Misskey ≫ Misskey Version13.0.0 Updatebeta25

Misskey ≫ Misskey Version13.0.0 Updatebeta26

Misskey ≫ Misskey Version13.0.0 Updatebeta27

Misskey ≫ Misskey Version13.0.0 Updatebeta28

Misskey ≫ Misskey Version13.0.0 Updatebeta29

Misskey ≫ Misskey Version13.0.0 Updatebeta30

Misskey ≫ Misskey Version13.0.0 Updatebeta31

Misskey ≫ Misskey Version13.0.0 Updatebeta32

Misskey ≫ Misskey Version13.0.0 Updatebeta33

Misskey ≫ Misskey Version13.0.0 Updatebeta34

Misskey ≫ Misskey Version13.0.0 Updatebeta35

Misskey ≫ Misskey Version13.0.0 Updatebeta36

Misskey ≫ Misskey Version13.0.0 Updatebeta37

Misskey ≫ Misskey Version13.0.0 Updatebeta38

Misskey ≫ Misskey Version13.0.0 Updatebeta39

Misskey ≫ Misskey Version13.0.0 Updatebeta40

Misskey ≫ Misskey Version13.0.0 Updatebeta41

Misskey ≫ Misskey Version13.0.0 Updatebeta42

Misskey ≫ Misskey Version13.0.0 Updatebeta43

Misskey ≫ Misskey Version13.0.0 Updaterc1

Misskey ≫ Misskey Version13.0.0 Updaterc10

Misskey ≫ Misskey Version13.0.0 Updaterc11

Misskey ≫ Misskey Version13.0.0 Updaterc2

Misskey ≫ Misskey Version13.0.0 Updaterc3

Misskey ≫ Misskey Version13.0.0 Updaterc4

Misskey ≫ Misskey Version13.0.0 Updaterc5

Misskey ≫ Misskey Version13.0.0 Updaterc6

Misskey ≫ Misskey Version13.0.0 Updaterc7

Misskey ≫ Misskey Version13.0.0 Updaterc8

Misskey ≫ Misskey Version13.0.0 Updaterc9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.137

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3

Vendor Advisory

Exploit

https://github.com/misskey-dev/misskey/commit/dc77d59f8712d3fe0b73cd4af2035133839cd57b

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-66402

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66402

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66402

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66402