CVE-2024-52593

5.3 MEDIUM

📋 TL;DR

This vulnerability in Misskey allows attackers to manipulate 'origin' links in notes and user profiles to point to arbitrary HTTPS URLs, even on different domains. This enables phishing attacks where users may be tricked into clicking malicious links. All Misskey instances running affected versions are vulnerable.

💻 Affected Systems

Products:
  • Misskey
Versions: All versions before 2024.11.0-alpha.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Misskey deployments are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Widespread phishing campaigns targeting federated social media users, credential theft, malware distribution through trusted-looking links.

🟠 Likely Case: Targeted phishing attacks against specific users or communities, reputation damage to vulnerable instances.

🟢 If Mitigated: Minimal impact if users are trained to verify URLs before clicking, but phishing risk remains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to create notes or modify user profiles, but the vulnerability itself is simple to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.11.0-alpha.3

Vendor Advisory: https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj

Restart Required: Yes

Instructions:

1. Back up your Misskey instance.
2. Update to version 2024.11.0-alpha.3 or later.
3. Restart the Misskey service.
4. Verify the update was successful.

🧯 If You Can't Patch

  • Implement strict URL filtering at the network perimeter to block suspicious domains.
  • Educate users about phishing risks and how to verify a URL before clicking it.

🔍 How to Verify

Check if Vulnerable:

Check if your Misskey version is earlier than 2024.11.0-alpha.3.

Check Version:

Check Misskey admin panel or package manager for version information.

Verify Fix Applied:

Confirm the running version is 2024.11.0-alpha.3 or later and test that origin links in notes and user profiles are properly validated (a link pointing to a domain other than the remote object's own should no longer be accepted).
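A defender-side check for the "properly validated" condition above, written as an added example and not taken from Misskey's code base: it assumes the intended rule is that a federated object's `url` (the origin link shown in the UI) must be an HTTPS URL on the same host as the object's `id`, and it rejects anything else, including cross-domain and non-HTTPS links. The sample objects at the bottom are constructed.

```typescript
// Added example, not Misskey code. Assumed rule: the `url` of a federated
// Note/Person must be an https URL whose host equals the host of its `id`.

interface ApObject {
  id: string;               // canonical object id, e.g. https://remote.example/notes/1
  url?: string | string[];  // optional "origin" link; ActivityPub allows an array
}

interface OriginCheck {
  ok: boolean;
  reason: string;
  url?: string;             // the link that is safe to show, if any
}

// Returns the lower-cased host of an https URL, or null for anything else.
function hostOf(raw: string): string | null {
  try {
    const u = new URL(raw);
    if (u.protocol !== 'https:') return null;
    return u.host.toLowerCase();
  } catch {
    return null;            // unparsable string is never a valid link
  }
}

function checkOriginLink(obj: ApObject): OriginCheck {
  const idHost = hostOf(obj.id);
  if (idHost === null) return { ok: false, reason: 'id is not a valid https URL' };
  // No url field: fall back to the id itself, which is on the right host by definition.
  if (obj.url === undefined) return { ok: true, reason: 'no url field; using id', url: obj.id };
  const candidates = Array.isArray(obj.url) ? obj.url : [obj.url];
  for (const c of candidates) {
    if (hostOf(c) === idHost) return { ok: true, reason: 'url host matches id host', url: c };
  }
  return { ok: false, reason: 'url host differs from id host (or url is not https)' };
}

// Constructed sample objects (not real instances or real data).
const SAMPLES: ApObject[] = [
  { id: 'https://remote.example/notes/1', url: 'https://remote.example/@alice/1' }, // same host: ok
  { id: 'https://remote.example/notes/2', url: 'https://other.example/login' },     // cross-domain: rejected
  { id: 'https://remote.example/users/alice', url: 'http://remote.example/@alice' },// not https: rejected
  { id: 'https://remote.example/notes/3' },                                          // no url: ok
];

function runSamples(): boolean[] {
  return SAMPLES.map((s) => checkOriginLink(s).ok);
}
```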

📡 Detection & Monitoring

Log Indicators:

  • Unusual patterns of note creation or profile updates with external URLs.
  • User reports of suspicious links in notes or profiles.

Network Indicators:

  • Outbound connections to unexpected domains after users click origin links in notes or profiles.

SIEM Query:

Search application logs for entries from 'NoteCreateService.insertNote', 'ApPersonService.createPerson' or 'ApPersonService.updatePerson' whose URL parameters point to a domain other than the remote object's own.
