{"id":3005,"date":"2025-05-05T14:33:00","date_gmt":"2025-05-05T14:33:00","guid":{"rendered":"http:\/\/localhost\/?p=3005"},"modified":"2025-05-05T14:33:00","modified_gmt":"2025-05-05T14:33:00","slug":"cve-2025-46340-misskey-css-style-injection-vulnerability-in-mkurlpreview","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=3005","title":{"rendered":"CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nCVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`<\/td>\n<\/tr>\n
Type<\/th>\ncvelist<\/td>\n<\/tr>\n
Published<\/th>\n2025-05-05T18:35:37<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-05T19:02:11<\/td>\n<\/tr>\n
CVSS Score<\/th>\n7.2 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nLOW<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nLOW<\/td>\n<\/tr>\n
Availability Impact<\/th>\nNONE<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-46340<\/td>\n<\/tr>\n
CWE<\/th>\nCWE-20, CWE-116<\/td>\n<\/tr>\n
Bulletin Family<\/th>\ncve<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to…\n <\/div>\n<\/p><\/div>\n
\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n7.2<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n