MeldSecurity
Press Enter to search
CVE Database & Search β†’
Sign In Get Started

CVE-2025-68932

🚨 CRITICAL

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication...

Published
Dec 27, 2025
Last Modified
Dec 31, 2025
Views
5
Bookmarks
0

Description

Request Expert Review

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to account takeover through persistent session hijacking. The remember-me tokens provide permanent authentication and are the sole credential for "keep me logged in" functionality. This issue has been patched in version 1.28.0.

Affected Products (1)

freshrss - freshrss

Version: *

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

github.com github.com github.com github.com

Additional Information

Source
security-advisories@github.com
State
Analyzed

Related CVEs

CVE-2026-1139

HIGH

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The...

Score: 8.8

CVE-2026-1138

HIGH

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can...

Score: 8.8

CVE-2026-1137

HIGH

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig....

Score: 8.8

CVE-2026-1136

LOW

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bCont...

Score: 3.5

CVE-2026-1135

MEDIUM

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. T...

Score: 4.3

CVE-2026-1134

MEDIUM

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The ma...

Score: 4.3

Share CVE-2025-68932

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-68932 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis