
CVE-2025-31482: CWE-352: Cross-Site Request Forgery (CSRF) in FreshRSS

Medium
Tags: Vulnerability, CVE-2025-31482, CVE, CWE-352
Published: Wed Jun 04 2025 (06/04/2025, 19:50:58 UTC)
Source: CVE Database V5
Vendor/Project: FreshRSS
Product: FreshRSS

Description

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

AI-Powered Analysis

Last updated: 07/06/2025, 19:58:19 UTC

Technical Analysis

CVE-2025-31482 is a Cross-Site Request Forgery (CSRF) vulnerability in FreshRSS, a self-hosted RSS feed aggregator, affecting versions prior to 1.26.2. When a user fetches a maliciously crafted feed entry, the user's session is terminated, and the logout repeats for as long as the entry keeps being fetched, so the affected user cannot keep a logged-in session: a denial of service against that user. The CWE-352 classification means that the entry causes the user's browser to send a request which the application accepts as a deliberate, authenticated action (here, logout) although the user never intended it; in CSRF terms, the logout action was reachable by a request that carries the session cookie but no proof of user intent, such as an anti-CSRF token bound to the session. The CVSS v3.1 base score is 4.3 (Medium). The vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L breaks down as: attack over the network, low attack complexity, no privileges required, user interaction required (the victim must fetch or view the entry), unchanged scope, and an availability impact only, with no confidentiality or integrity loss. An attacker exploits it by tricking a user into subscribing to or fetching a feed the attacker controls, or by placing the crafted entry in a feed the user already follows. Version 1.26.2 contains the fix, and no exploitation in the wild has been reported.
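The request pattern described above, reduced to a runnable simulation. This is an added example, not FreshRSS code: the `App` class, the session layout, the `_csrf` form field, the origin `https://rss.example.test` and the `/logout` path are all assumptions. The same `App` is run twice, once accepting logout on any cookie-bearing request (the vulnerable pattern) and once demanding proof of intent, and a constructed feed entry containing a one-pixel `<img>` pointing at the logout action is "rendered" the way a browser would render it.

```python
import html.parser
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

APP_ORIGIN = "https://rss.example.test"   # assumed self-hosted aggregator origin
LOGOUT_PATH = "/logout"                   # assumed; the real action URL differs


@dataclass
class Request:
    method: str
    url: str
    cookies: dict
    form: dict = field(default_factory=dict)
    # Browsers send "image" for <img> loads and "document" for navigations;
    # an absent header (old browsers) is treated as a navigation here.
    sec_fetch_dest: str = "document"


class App:
    """Minimal aggregator session model (assumed, not FreshRSS).  With
    require_intent=False the logout action fires on any request that carries
    the session cookie (the vulnerable pattern); with require_intent=True it
    demands a POST, a per-session anti-CSRF token and a top-level navigation
    (Sec-Fetch-Dest: document), none of which an <img> load can supply."""

    def __init__(self, require_intent):
        self.require_intent = require_intent
        self.sessions = {}

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
        return sid

    def handle(self, req):
        sid = req.cookies.get("sid")
        if sid not in self.sessions:
            return 401
        if urlsplit(req.url).path != LOGOUT_PATH:
            return 200
        if self.require_intent:
            token = req.form.get("_csrf", "")
            if (req.method != "POST" or req.sec_fetch_dest != "document"
                    or not secrets.compare_digest(token, self.sessions[sid]["csrf"])):
                return 403
        del self.sessions[sid]          # the state change the attacker wants to trigger
        return 302


class ImgSrcExtractor(html.parser.HTMLParser):
    """Stand-in for the browser's HTML parser: collects <img src> URLs."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.urls += [v for k, v in attrs if k == "src" and v]


def render_entry(app, sid, entry_html):
    """Display a feed entry in the victim's logged-in browser.  Every <img> is
    fetched with the session cookie attached; because the entry is rendered on
    the application's own origin the request is same-origin, so SameSite cookie
    attributes do not block it.  Returns True if the session survived."""
    parser = ImgSrcExtractor()
    parser.feed(entry_html)
    for src in parser.urls:
        if urlsplit(src).netloc == urlsplit(APP_ORIGIN).netloc:
            app.handle(Request("GET", src, {"sid": sid}, sec_fetch_dest="image"))
    return sid in app.sessions


# Constructed malicious entry, as an attacker-controlled feed might deliver it.
MALICIOUS_ENTRY = ('<p>Breaking news</p>'
                   f'<img src="{APP_ORIGIN}{LOGOUT_PATH}" width="1" height="1">')


def session_survives_entry(require_intent):
    """Log in, view the malicious entry once, report whether the session is still alive."""
    app = App(require_intent)
    sid = app.login("alice")
    return render_entry(app, sid, MALICIOUS_ENTRY)


def legitimate_logout_works(require_intent):
    """A deliberate logout (form POST carrying the session's token) must still succeed."""
    app = App(require_intent)
    sid = app.login("alice")
    req = Request("POST", APP_ORIGIN + LOGOUT_PATH, {"sid": sid}, {"_csrf": app.sessions[sid]["csrf"]})
    return app.handle(req) == 302 and sid not in app.sessions


if __name__ == "__main__":
    print("vulnerable, session survives malicious entry:", session_survives_entry(False))  # False
    print("hardened,   session survives malicious entry:", session_survives_entry(True))   # True
```

The point the simulation makes is that the request is same-origin: it is issued from the aggregator's own page, so SameSite cookies, Origin checks and Referer checks do not distinguish it from legitimate traffic. What does distinguish it is the absence of any proof of intent (wrong method, no session-bound token, and a Fetch Metadata destination of `image` rather than `document`), which is what the hardened branch checks.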

Potential Impact

For European organizations using FreshRSS for internal or public feed aggregation, this vulnerability forces repeated logouts and so denies the affected users access to the aggregator. The impact is confined to availability: no data is disclosed or modified, but workflows that rely on timely access to aggregated news or information feeds are disrupted, and an installation with many users can see widespread inconvenience and operational delay. Because FreshRSS is usually self-hosted, deployments without a mature patch process may stay exposed for a long time. Sectors that depend on a continuous information flow, such as media, research institutions and government agencies, would feel the degradation most. The user-interaction requirement means the attacker has to get a malicious feed, or a malicious entry in a feed the victim already follows, in front of the victim, so user awareness is a factor. No exploitation in the wild is known, which lowers the immediate risk, but the low attack complexity and the ease of publishing a feed warrant proactive patching.

Mitigation Recommendations

European organizations should verify the FreshRSS version on every deployment and upgrade to 1.26.2 or later. This is the only complete fix: the missing intent check lives in the application code and is not a configuration option that administrators can switch on. Until the upgrade is applied, a reverse proxy in front of FreshRSS can refuse requests to the logout action that do not look like a deliberate user action, for example requests whose Sec-Fetch-Dest header is present and not "document", since a browser sends "image", "script" or similar for embedded content and "document" for a navigation. Origin- or Referer-based WAF rules for CSRF are of limited use here: if the triggering request is issued by content rendered inside the FreshRSS page itself, it is same-origin and carries the application's own Referer. Users should be cautioned against subscribing to unknown or untrusted feeds, and egress controls or an allow-list of feed sources reduce the chance that a malicious feed reaches the aggregator, though any feed whose content the attacker can influence remains a delivery channel. Monitor for unusual logout patterns: repeated logouts of the same user within minutes, or logout requests fetched as sub-resources rather than navigations, indicate exploitation. Finally, keep an up-to-date inventory of self-hosted applications and apply patches promptly to reduce exposure.
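Two of the recommendations above, the version check and the monitoring for unusual logout patterns, as one added example. This is not FreshRSS's own logging or tooling: the key=value log format, the `/logout` path, the ten-minute window and the threshold of three logouts are assumptions, and the log lines are constructed for the example. The detector flags logout requests that a browser issued as a sub-resource load (Sec-Fetch-Dest other than "document"), which a deliberate logout click never produces, and users whose logouts cluster in a short window.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGOUT_PATH = "/logout"              # assumed; substitute the real action URL
WINDOW = timedelta(minutes=10)       # assumed sliding window
MAX_LOGOUTS_PER_WINDOW = 3           # assumed threshold

# Constructed reverse-proxy log lines: ISO timestamp followed by key=value fields.
SAMPLE_LOG = """\
2025-06-05T09:00:01Z user=alice method=GET path=/i/ sec_fetch_dest=document
2025-06-05T09:00:03Z user=alice method=GET path=/logout sec_fetch_dest=image
2025-06-05T09:01:10Z user=alice method=GET path=/i/ sec_fetch_dest=document
2025-06-05T09:01:12Z user=alice method=GET path=/logout sec_fetch_dest=image
2025-06-05T09:02:30Z user=alice method=GET path=/logout sec_fetch_dest=image
2025-06-05T09:05:00Z user=bob method=POST path=/logout sec_fetch_dest=document
2025-06-05T17:30:00Z user=bob method=POST path=/logout sec_fetch_dest=document
"""


def parse_line(line):
    """Split one constructed log line into a dict; 'ts' becomes a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect(log_text):
    """Return a list of (rule, user, timestamp) alerts for the logout action."""
    alerts = []
    recent = defaultdict(deque)      # user -> timestamps of logouts inside WINDOW
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("path") != LOGOUT_PATH:
            continue
        user, ts = rec.get("user", "-"), rec["ts"]
        # Rule 1: a logout fetched as an image/script/etc. is never a deliberate
        # click; it is the signature of content embedded in a rendered entry.
        if rec.get("sec_fetch_dest", "document") != "document":
            alerts.append(("subresource_logout", user, ts))
        # Rule 2: sliding-window count of logouts per user, fired once on reaching
        # the threshold.
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if len(q) == MAX_LOGOUTS_PER_WINDOW:
            alerts.append(("repeated_logouts", user, ts))
    return alerts


def is_affected(version):
    """True for versions before 1.26.2.  A pre-release suffix such as '-dev'
    is treated as older than the bare release it precedes."""
    core, _, suffix = version.partition("-")
    parts = tuple(int(p) for p in core.split("."))
    return parts < (1, 26, 2) or (parts == (1, 26, 2) and bool(suffix))


if __name__ == "__main__":
    for rule, user, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule:20s} user={user}")
    for v in ("1.26.1", "1.26.2-dev", "1.26.2", "1.27.0"):
        print(v, "affected" if is_affected(v) else "fixed")
```

Run against the constructed sample, the detector raises three `subresource_logout` alerts for alice and one `repeated_logouts` alert at her third logout; bob's two deliberate logouts, hours apart, raise nothing. On a real deployment the proxy must be configured to log the Sec-Fetch-Dest request header and the authenticated user for rule 1 to work.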


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-03-28T13:36:51.297Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6840a57a182aa0cae2bc751b

Added to database: 6/4/2025, 7:58:50 PM

Last enriched: 7/6/2025, 7:58:19 PM

Last updated: 8/11/2025, 6:42:58 PM
