CVE-2025-61775: CWE-613: Insufficient Session Expiration in Whimsies-YAT Vickey
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address could receive repeated confirmation messages if the verification link was accessed multiple times. This issue may result in unintended email traffic but does not expose user data. The issue was addressed in version 2025.10.0 by improving validation logic to ensure verification links behave as expected after completion.
CVE-2025-61775: CWE-613: Insufficient Session Expiration in Whimsies-YAT Vickey
Description
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address could receive repeated confirmation messages if the verification link was accessed multiple times. This issue may result in unintended email traffic but does not expose user data. The issue was addressed in version 2025.10.0 by improving validation logic to ensure verification links behave as expected after completion.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-09-30T19:43:49.901Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68ed396165e259ed7edc1e41
Added to database: 10/13/2025, 5:39:45 PM
Last updated: 10/13/2025, 5:39:51 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-62244: CWE-639 Authorization Bypass Through User-Controlled Key in Liferay Portal
MediumCVE-2025-62243: CWE-863 Incorrect Authorization in Liferay Portal
MediumCVE-2025-11695: CWE-295: Improper Certificate Validation in MongoDB Rust Driver
HighHeads Up: Scans for ESAFENET CDG V5 , (Mon, Oct 13th)
MediumCVE-2025-7707: CWE-377 Insecure Temporary File in run-llama run-llama/llama_index
HighActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.