CVE-2025-68932
- Source
- https://cve.org/CVERecord?id=CVE-2025-68932
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68932.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68932
- Aliases
-
- GHSA-j9wc-gwc6-p786
- Published
- 2025-12-26T23:43:34.693Z
- Modified
- 2026-03-14T12:46:05.982110Z
- Severity
-
- 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
- Details
-
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to account takeover through persistent session hijacking. The remember-me tokens provide permanent authentication and are the sole credential for "keep me logged in" functionality. This issue has been patched in version 1.28.0.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-338" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68932.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68932.json
- https://github.com/FreshRSS/FreshRSS/commit/57e1a375cbd2db9741ff19167813344f8eff5772
- https://github.com/FreshRSS/FreshRSS/pull/8061
- https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-j9wc-gwc6-p786
- https://nvd.nist.gov/vuln/detail/CVE-2025-68932
Affected packages
Git / github.com/freshrss/freshrss
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freshrss/freshrss
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
1.*
1.0.0
1.1.0
1.1.1
1.1.2-beta
1.1.3-beta
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.13.0
1.13.1
1.14.0
1.14.1
1.14.2
1.14.3
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.16.1
1.16.2
1.17.0
1.18.0
1.18.1
1.19.0
1.19.1
1.19.2
1.2.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.24.1
1.24.2
1.24.3
1.25.0
1.26.0
1.26.1
1.26.2
1.26.3
1.27.0
1.27.1
1.3.0-beta
1.3.1-beta
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.8.0
1.9.0