Access Denial Vulnerability in FreshRSS by FreshRSS
CVE-2025-68148
4.3 MEDIUM
What is CVE-2025-68148?
FreshRSS, a self-hosted RSS aggregator, is susceptible to an access denial issue affecting versions from 1.27.0 up to, but not including, 1.28.0. An attacker can exploit this vulnerability by modifying proxy settings so that a '429 Retry-After' response is issued for a large set of feeds. This can render the application unusable for most users by denying access to the content they depend on. The vulnerability has been addressed in version 1.28.0, which includes important patches to ensure reliable access to RSS feeds.

Affected Version(s)
FreshRSS >= 1.27.0, < 1.28.0
References
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
