Unrated severityNVD Advisory· Published Jun 4, 2025· Updated Jun 4, 2025
FreshRSS vulnerable to directory enumeration via ext.php
CVE-2025-31134
Description
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438mitrex_refsource_MISC
- github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.