CVE-2025-66402

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.

Ссылки

https://github.com/misskey-dev/misskey/commit/dc77d59f8712d3fe0b73cd4af2035133839cd57b
Patch
https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3
Exploit
Vendor Advisory
https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*

Версия от 13.1.0 (включая) до 2025.12.0 (исключая)

cpe:2.3:a:misskey:misskey:13.0.0:-:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta16:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta21:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta22:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta23:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta24:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta25:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta26:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta27:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta28:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta29:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta30:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta31:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta32:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta33:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta34:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta35:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta36:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta37:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta38:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta39:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta40:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta41:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta42:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:beta43:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc11:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc6:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc7:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc8:*:*:*:*:*:*

cpe:2.3:a:misskey:misskey:13.0.0:rc9:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-496g-mmpw-j9x3