CVE-2025-59950

Source
https://cve.org/CVERecord?id=CVE-2025-59950
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59950.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59950
Aliases
  • GHSA-j66v-hvqx-5vh3
Published
2025-09-29T23:21:42.118Z
Modified
2026-04-10T05:32:14.909628Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L CVSS Calculator
Summary
FreshRSS: Double clickjacking can lead to privilege escalation
Details

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button inside an attacker-controlled website. A successful attack can allow the attacker to promote themselves to "admin" and log into other users' accounts; the attacker has to know the specific instance URL they're targeting. This issue is fixed in version 1.27.0.

Database specific
{
    "cwe_ids": [
        "CWE-1021"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59950.json"
}
References

Affected packages

Git / github.com/freshrss/freshrss

Affected ranges

Type
GIT
Repo
https://github.com/freshrss/freshrss
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.1.0
0.5.0
0.6.0
0.6.1
0.7.0
0.7.1
0.8.0
0.8.1
1.*
1.0.0
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.13.0
1.13.1
1.14.0
1.14.1
1.14.2
1.14.3
1.15.0
1.15.1
1.15.2
1.16.0
1.16.1
1.16.2
1.17.0
1.18.0
1.18.1
1.19.0
1.19.1
1.19.2
1.2.0
1.20.0
1.20.1
1.21.0
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.24.1
1.24.2
1.24.3
1.25.0
1.26.0
1.26.1
1.26.2
1.26.3
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.8.0
1.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59950.json"