| CVE编号 | CVE-2025-25306 |
|---|---|
| 发布日期 | 2025-03-10T18:13:45.515Z |
| 更新日期 | 2025-03-12T19:49:47.787Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | misskey-dev |
| 受影响的产品 | misskey |
| 描述 | Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the `url` field even if the specific ActivityPub object type require authority in the `id` field. Version 2025.2.1 addresses the issue. |
参考链接:
