CVE-2025-61586

Published: Sep 30, 2025Modified: Oct 3, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security-advisories@github.com (Secondary)

Description

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.

Affected (1)

Products: Freshrss: Freshrss

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freshrss Freshrss	Before 1.27.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://github.com/FreshRSS/FreshRSS/commit/6549932d59aef3b72a9da29294af0f30ffb77af5

Source: security-advisories@github.com

Patch

https://github.com/FreshRSS/FreshRSS/pull/7722

Source: security-advisories@github.com

Patch

https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-w35p-p867-qr4f

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-w35p-p867-qr4f

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.