CVE-2025-54593

{"id": "CVE-2025-54593", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-08-01T18:15:55.740", "references": [{"url": "https://github.com/FreshRSS/FreshRSS/commit/dbdadbb4107878d9233f635c31a88afe45957101", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/FreshRSS/FreshRSS/pull/7477", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.2", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jcww-48g9-wf57", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code, user data including hashed passwords can be exfiltrated, the instance can be defaced when file permissions allow. Malicious code can be inserted into the instance to steal plaintext passwords, among others. This is fixed in version 1.26.2."}, {"lang": "es", "value": "FreshRSS es un agregador RSS gratuito y autoalojado. En las versiones 1.26.1 y anteriores, un usuario administrador autenticado puede ejecutar c\u00f3digo arbitrario en el servidor FreshRSS modificando la URL de actualizaci\u00f3n a una que controle y obtener la ejecuci\u00f3n del c\u00f3digo tras ejecutar una actualizaci\u00f3n. Tras ejecutar el c\u00f3digo correctamente, se pueden extraer datos del usuario, incluidas las contrase\u00f1as hash, y la instancia puede desfigurarse cuando los permisos de archivo lo permitan. Se puede insertar c\u00f3digo malicioso en la instancia para robar contrase\u00f1as de texto plano, entre otras cosas. Esto se solucion\u00f3 en la versi\u00f3n 1.26.2."}], "lastModified": "2025-08-25T17:38:29.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5750A689-0869-499D-8A26-E5088B31DDF4", "versionEndExcluding": "1.26.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}