216.73.217.98

CVE-2025-31134

· Published 04/06/2025 20:15 · Modified 05/06/2025 20:12

Labels: CVE-2025-31134 2025-06-04CVE-2025-31134CWE-201[email protected]

Essential information

Published
04/06/2025 20:15
Modified
05/06/2025 20:12
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
freshrss / freshrss cpe:2.3:a:freshrss:freshrss:<1.26.2:*:*:*:*:*:*:*

References