CVE-2025-59949

Published December 18th, 2025

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue.

FreshRSS/FreshRSS

A free, self-hostable news aggregator…

GitHub

15.4K