CVE-2025-58173

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the admin, creating a new admin user, or set the database to an attacker-controlled MySQL server and abuse it to execute code in FreshRSS by setting malicious feed curl_params inside the feed table. Version 1.27.1 fixes the issue.

Ссылки

https://github.com/FreshRSS/FreshRSS/commit/79604aa4b3051f083d1734bd9e82c6a89d785c5a#diff-49280171b6e7964e21a0270427e56eacb47b8ac562593a01ad4bc74b49f840c7R135
Patch
https://github.com/FreshRSS/FreshRSS/commit/dbbae15a8458679db0f4540dacdbdcff9c02ec8c#diff-63f610c36d0f2555c1787f6d0804f46f4df6e0f918dfe03408309039abf6efebL85-L88
Patch
https://github.com/FreshRSS/FreshRSS/commit/ee175dd6169a016fc898fac62d046e22c205dec0#diff-6ebff7743ede829cf5a7f0e4566b42023a2d4779cc8d7e96fefec116f2292174R190-R194
Patch
https://github.com/FreshRSS/FreshRSS/pull/7878
Issue Tracking
Patch
https://github.com/FreshRSS/FreshRSS/pull/7971
Issue Tracking
Patch
https://github.com/FreshRSS/FreshRSS/pull/7979
Issue Tracking
Patch
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-6c8h-w3j5-j293
Exploit
Patch
Vendor Advisory
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-6c8h-w3j5-j293
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freshrss:freshrss:*:*:*:*:*:*:*:*

Версия от 1.23.0 (включая) до 1.27.1 (исключая)

EPSS

Процентиль: 34%

0.00137

Низкий

8.8 High

CVSS3

Дефекты

CWE-20

CWE-22

Связанные уязвимости