CVE-2025-31482: CWE-352: Cross-Site Request Forgery (CSRF) in FreshRSS FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.
AI Analysis
Technical Summary
CVE-2025-31482 is a Cross-Site Request Forgery (CSRF) vulnerability identified in FreshRSS, a popular self-hosted RSS feed aggregator. The vulnerability affects versions prior to 1.26.2. The issue manifests when a user fetches a maliciously crafted feed entry, which triggers repeated logouts of that user. This behavior effectively results in a denial of service (DoS) condition for the affected user, who is unable to maintain a logged-in session. The vulnerability is classified under CWE-352, indicating a CSRF attack vector in which unauthorized commands are transmitted on behalf of a user that the web application trusts. The CVSS v3.1 base score is 4.3, reflecting medium severity. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) indicates that the attack can be performed remotely over the network with low attack complexity and no privileges, but that it does require user interaction (UI:R). The impact is limited to availability (denial of service), with no confidentiality or integrity loss. The vulnerability has been patched in FreshRSS version 1.26.2, and no known exploits are currently reported in the wild. The root cause is the lack of proper CSRF protections when processing feed entries, allowing malicious feeds to trigger session invalidation and logout. This vulnerability could be exploited by an attacker who can trick a user into subscribing to or fetching a malicious RSS feed, causing repeated session termination and disruption of service for that user.
Potential Impact
For European organizations using FreshRSS for internal or public RSS feed aggregation, this vulnerability can cause significant disruption to user productivity by forcing repeated logouts and denying access to the aggregator service. Although the impact is limited to availability and does not compromise data confidentiality or integrity, the denial of service can affect workflows that rely on timely access to aggregated news or information feeds. Organizations with multiple users depending on FreshRSS may experience widespread inconvenience and potential operational delays. Since FreshRSS is often self-hosted, organizations with less mature patch management processes may remain vulnerable for extended periods. Additionally, sectors that rely heavily on continuous information flow, such as media, research institutions, and government agencies, could see a degradation in service quality. The requirement for user interaction means that social engineering or user awareness is a factor, but the vulnerability could be exploited via malicious feed subscriptions or links. The absence of known exploits in the wild reduces immediate risk, but the medium severity score and ease of exploitation warrant proactive mitigation.
Mitigation Recommendations
European organizations should immediately verify the version of FreshRSS deployed and upgrade to version 1.26.2 or later, where the vulnerability is patched. Since the vulnerability exploits CSRF, administrators should ensure that CSRF protections are enabled and properly configured in their FreshRSS installations. This includes validating anti-CSRF tokens on state-changing requests and ensuring that feed fetching mechanisms do not process untrusted or unauthenticated feed entries without validation. User education is also important: users should be cautioned against subscribing to unknown or untrusted RSS feeds. Network-level controls can be implemented to restrict access to known safe feed sources or to monitor for unusual feed subscription patterns. For organizations hosting FreshRSS publicly, implementing Web Application Firewalls (WAFs) with rules to detect and block CSRF attempts can provide additional protection. Regular security audits and monitoring for unusual logout patterns can help detect exploitation attempts early. Finally, maintaining an up-to-date inventory of self-hosted applications and applying patches promptly is critical to reduce exposure.
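One way to implement the logout-pattern monitoring recommended above, as an added example that is not FreshRSS code and not part of the original advisory: it parses combined-format access logs from a reverse proxy in front of FreshRSS and flags clients that hit the logout URL repeatedly within a short window, reporting how many of those logouts were plain GET requests. The logout URL fragment, the sample log lines and the thresholds are constructed assumptions to adjust for your deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined access-log format, as written by a reverse proxy in front of FreshRSS.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Hypothetical logout URL fragment; set it to the logout path your instance really uses.
LOGOUT_RE = re.compile(r"a=logout")

# Constructed sample: 203.0.113.7 is logged out three times in two minutes, every time by a GET.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Aug/2025:10:00:01 +0000] "GET /i/?c=index&a=logout HTTP/1.1" 302 0 "https://rss.example/i/" "Mozilla/5.0"
203.0.113.7 - - [11/Aug/2025:10:00:52 +0000] "GET /i/?c=index&a=logout HTTP/1.1" 302 0 "https://rss.example/i/" "Mozilla/5.0"
203.0.113.7 - - [11/Aug/2025:10:01:44 +0000] "GET /i/?c=index&a=logout HTTP/1.1" 302 0 "https://rss.example/i/" "Mozilla/5.0"
198.51.100.9 - - [11/Aug/2025:10:01:00 +0000] "POST /i/?c=index&a=logout HTTP/1.1" 302 0 "https://rss.example/i/" "Mozilla/5.0"
this line is not an access-log entry and is skipped
"""

def parse_line(line):
    """Return the fields of a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def find_logout_storms(lines, threshold=3, window=timedelta(minutes=10)):
    """Map each client with at least `threshold` logout hits inside one `window` to the burst
    size, the number of GET logouts in it, and its start; keyed by proxy user, else source IP."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not LOGOUT_RE.search(rec["path"]):
            continue
        key = rec["user"] if rec["user"] != "-" else rec["ip"]
        hits[key].append((rec["ts"], rec["method"]))
    storms = {}
    for key, evs in hits.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):  # slide the window forward over sorted hits
            burst = [e for e in evs[i:] if e[0] - t0 <= window]
            if len(burst) >= threshold:
                storms[key] = {"count": len(burst), "first": t0,
                               "get_logouts": sum(m == "GET" for _, m in burst)}
                break
    return storms
```

A legitimate user rarely logs out several times within minutes, so a burst of GET logouts from one client is a reasonable trigger for an alert and a check of which feeds that user fetched just before.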
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-03-28T13:36:51.297Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6840a57a182aa0cae2bc751b
Added to database: 6/4/2025, 7:58:50 PM
Last enriched: 7/6/2025, 7:58:19 PM
Last updated: 8/11/2025, 6:42:58 PM