Unrated severity · OSV Advisory · Published Dec 26, 2025 · Updated Dec 29, 2025
FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After
CVE-2025-68148
Description
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds by means of a proxy that modifies responses to 429 Retry-After for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in version 1.28.0.
Affected products (1)
Patches (0)
No patches discovered yet.
References (3)
- github.com/FreshRSS/FreshRSS/commit/7d4854a0a4f5665db599f18c34035786465639f3 (mitre, x_refsource_MISC)
- github.com/FreshRSS/FreshRSS/pull/8029 (mitre, x_refsource_MISC)
- github.com/FreshRSS/FreshRSS/security/advisories/GHSA-qw34-frg7-gf78 (mitre, x_refsource_CONFIRM)