216.73.216.86

CVE-2025-24896

· Published 11/02/2025 16:15 · Modified 20/02/2025 15:48

Labels: CVE-2025-24896 2025-02-11CVE-2025-24896CWE-613[email protected]

Essential information

Published
11/02/2025 16:15
Modified
20/02/2025 15:48
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS metrics

Description

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary affected users will be users who have logged into Misskey using a public PC or someone else's device, but it's possible that users who have logged out of Misskey before lending their PC to someone else could also be affected. Version 2025.2.0-alpha.0 contains a fix for this issue.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
misskey / misskey cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*

References