CVE-2025-31134
HIGH 7.5
Description
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/4/2025
Last modified: 6/10/2025
Source: nvd
Honeypot sightings: 0
Affected products
freshrss:freshrss
Weaknesses (CWE)
CWE-201
References
https://github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438 (security-advisories@github.com)
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65 (security-advisories@github.com)
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.