CVE-2025-66402
Last modified
CVE-2025-66402 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Misskey | Misskey | >= 13.1.0, < 2025.12.0 |
| Misskey | Misskey | 13.0.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-66402?
How severe is CVE-2025-66402?
How do I fix CVE-2025-66402?
Are you affected by CVE-2025-66402?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST