CVE-2025-62166— FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-62166
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens
Source: NVD (National Vulnerability Database)
Vulnerability Description
FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This vulnerability is fixed in 1.28.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreshRSS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS 1.28.0之前版本存在安全漏洞,该漏洞源于与主身份验证令牌相关的身份验证逻辑缺陷,可能导致匿名查看时绕过对其他用户订阅源的访问限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-62166
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-62166
请登录查看更多情报信息。
- Release FreshRSS 1.28.0 · FreshRSS/FreshRSS · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2025-62166
IV. Related Vulnerabilities
Same product: FreshRSS
- CVE-2025-68402
FreshRSS has an authentication bypass due to truncated bcryp - CVE-2025-68148
FreshRSS globally denies access to feed via proxy modifying - CVE-2025-68932
FreshRSS has weak cryptographic randomness in remember-me to - CVE-2025-59949
FreshRSS has Logout CSRF that Leads to DoS via <track src> - CVE-2025-58173
FreshRSS vulnerable to authenticated RCE via path traversal
Same vendor: FreshRSS
- CVE-2025-68402
FreshRSS has an authentication bypass due to truncated bcryp - CVE-2025-68148
FreshRSS globally denies access to feed via proxy modifying - CVE-2025-68932
FreshRSS has weak cryptographic randomness in remember-me to - CVE-2025-59949
FreshRSS has Logout CSRF that Leads to DoS via <track src> - CVE-2025-58173
FreshRSS vulnerable to authenticated RCE via path traversal
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2025-62166
No comments yet