FreshRSS is vulnerable to directory enumeration by setting path in...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.

Basic Information

ID CVE-2025-61586

Source GitHub_M

Published Sep 29, 2025 at 23:14

Affected Product

Vendor FreshRSS

Product FreshRSS

Version < 1.27.0

Affected Versions FreshRSS FreshRSS < 1.27.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.",
    "published": "2025-09-29T23:14:51.054Z",
    "modified": "2025-09-29T23:14:51.054Z",
    "type": "cve",
    "title": "FreshRSS is vulnerable to directory enumeration by setting path in its theme field",
    "source": "GitHub_M",
    "references": "https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-w35p-p867-qr4f\nhttps://github.com/FreshRSS/FreshRSS/pull/7722\nhttps://github.com/FreshRSS/FreshRSS/commit/6549932d59aef3b72a9da29294af0f30ffb77af5",
    "id": "CVE-2025-61586",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "FreshRSS FreshRSS < 1.27.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreshRSS",
    "version": "< 1.27.0",
    "vendor": "FreshRSS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FreshRSS is vulnerable to directory enumeration by setting path in its theme field_CVE-2025-61586