VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2025 · Updated Mar 12, 2025

Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes

CVE-2025-25306

Description

Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the id and url fields of ActivityPub objects. An attacker can forge an object in which they claim authority in the url field even if the specific ActivityPub object type requires authority in the id field. Version 2025.2.1 addresses the issue.

Affected products

2
  • Misskey Dev/Misskey · llm-fuzzy · 2 versions
    <=2025.2.0 + 1 more
    • (no CPE) range: <=2025.2.0
    • (no CPE) range: < 2025.2.1
