Unrated severityNVD Advisory· Published Jun 4, 2025· Updated Jun 4, 2025
FreshRSS vulnerable to directory enumeration via ext.php
CVE-2025-31134
Description
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/FreshRSS/FreshRSS/commit/4568111c00813756a3a34a381d684b8354fc4438mitrex_refsource_MISC
- github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.