CVE-2025-31482

FreshRSS vulnerable to DoS by malicious feed entry loading logout URL

Description

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

INFO

Published Date :

2025-06-04T19:50:58.615Z

Last Modified :

2025-06-04T20:46:27.779Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-31482 vulnerability.

Vendors	Products
Freshrss	Freshrss

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-31482.

URL	Resource
https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-vpmc-3fv2-jmgp

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact