Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| FreshRSS | FreshRSS | affected |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Freshrss | Freshrss | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 30 Dec 2025 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:* |
Fri, 19 Dec 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Freshrss
Freshrss freshrss |
|
| Vendors & Products |
Freshrss
Freshrss freshrss |
Thu, 18 Dec 2025 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue. | |
| Title | FreshRSS has Logout CSRF that Leads to DoS via <track src> | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-12-18T19:19:35.478Z
Reserved: 2025-09-23T14:33:49.506Z
Link: CVE-2025-59949
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2025-12-18T19:16:30.847
Modified: 2025-12-30T19:52:57.570
Link: CVE-2025-59949
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-12-19T09:15:45Z