CVE-2025-30741

Sažetak

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.

Reference

https://fokus.cool/2025/03/25/pixelfed-vulnerability.html
https://github.com/pixelfed/pixelfed/releases/tag/v0.12.5
https://mastodon.social/@pixelfed/114215925957179498
https://news.ycombinator.com/item?id=43474425

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

27-03-2025 - 16:45

Objavljeno

25-03-2025 - 21:15