Description

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address could receive repeated confirmation messages if the verification link was accessed multiple times. This issue may result in unintended email traffic but does not expose user data. The issue was addressed in version 2025.10.0 by improving validation logic to ensure verification links behave as expected after completion.

INFO

Published Date :

2025-10-13T17:29:50.340Z

Last Modified :

2025-10-14T13:24:42.527Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61775 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61775.

URL Resource
https://github.com/Whimsies-YAT/Vickey/security/advisories/GHSA-q6hp-37x8-fhm7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability