CVE-2025-31482 is a Cross-Site Request Forgery (CSRF) vulnerability identified in FreshRSS, a popular self-hosted RSS feed aggregator. The vulnerability affects versions prior to 1.26.2. The issue manifests when a user fetches a maliciously crafted feed entry, which triggers repeated logouts of the user. This behavior effectively results in a denial of service (DoS) condition for the affected user, as they are unable to maintain a logged-in session. The vulnerability is classified under CWE-352, indicating a CSRF attack vector where unauthorized commands are transmitted from a user that the web application trusts. The CVSS v3.1 base score is 4.3, reflecting a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) indicates that the attack can be performed remotely over the network without privileges, requires low attack complexity, no privileges, but does require user interaction (UI:R). The impact is limited to availability (denial of service) with no confidentiality or integrity loss. The vulnerability has been patched in FreshRSS version 1.26.2, and no known exploits are currently reported in the wild. The root cause is the lack of proper CSRF protections when processing feed entries, allowing malicious feeds to trigger session invalidation and logout. This vulnerability could be exploited by an attacker who can trick a user into subscribing to or fetching a malicious RSS feed, causing repeated session termination and disruption of service for that user.

For European organizations using FreshRSS for internal or public RSS feed aggregation, this vulnerability can cause significant disruption to user productivity by forcing repeated logouts and denying access to the aggregator service. Although the impact is limited to availability and does not compromise data confidentiality or integrity, the denial of service can affect workflows that rely on timely access to aggregated news or information feeds. Organizations with multiple users depending on FreshRSS may experience widespread inconvenience and potential operational delays. Since FreshRSS is often self-hosted, organizations with less mature patch management processes may remain vulnerable for extended periods. Additionally, sectors that rely heavily on continuous information flow, such as media, research institutions, and government agencies, could see a degradation in service quality. The requirement for user interaction means that social engineering or user awareness is a factor, but the vulnerability could be exploited via malicious feed subscriptions or links. The absence of known exploits in the wild reduces immediate risk, but the medium severity score and ease of exploitation warrant proactive mitigation.

European organizations should immediately verify the version of FreshRSS deployed and upgrade to version 1.26.2 or later, where the vulnerability is patched. Since the vulnerability exploits CSRF, administrators should ensure that CSRF protections are enabled and properly configured in their FreshRSS installations. This includes validating anti-CSRF tokens on state-changing requests and ensuring that feed fetching mechanisms do not process untrusted or unauthenticated feed entries without validation. User education is also important: users should be cautioned against subscribing to unknown or untrusted RSS feeds. Network-level controls can be implemented to restrict access to known safe feed sources or to monitor for unusual feed subscription patterns. For organizations hosting FreshRSS publicly, implementing Web Application Firewalls (WAFs) with rules to detect and block CSRF attempts can provide additional protection. Regular security audits and monitoring for unusual logout patterns can help detect exploitation attempts early. Finally, maintaining an up-to-date inventory of self-hosted applications and applying patches promptly is critical to reduce exposure.