CVE-2025-31134

7.5 HIGH

📋 TL;DR

FreshRSS versions before 1.26.2 contain an information disclosure vulnerability that allows attackers to check for the existence of specific directories on the server. This can reveal details about installed software (like older PHP versions) and potentially enable further attacks. All self-hosted FreshRSS instances running vulnerable versions are affected.

💻 Affected Systems

Products:
  • FreshRSS
Versions: All versions prior to 1.26.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects self-hosted instances; cloud-hosted versions are managed by the provider.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gather detailed server information, identify vulnerable software versions, and chain this with other exploits to gain unauthorized access or execute arbitrary code.

🟠 Likely Case

Attackers discover installed software versions and use that information to target known vulnerabilities in those components, potentially escalating to more severe attacks.

🟢 If Mitigated

Limited information disclosure with no direct path to compromise if proper network segmentation and security controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves simple directory existence checks; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.26.2

Vendor Advisory: https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-jjm2-4hf7-9x65

Restart Required: No

Instructions:

1. Back up your FreshRSS installation and database.
2. Download FreshRSS 1.26.2 or later from the official repository.
3. Replace the existing installation files with the new version.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Restrict Directory Access (applies to all platforms)

Configure the web server (Apache/Nginx) to deny access to sensitive directories.

# Apache 2.2: add to the .htaccess of each directory that should be hidden
Deny from all
# Apache 2.4: equivalent directive (mod_authz_core; "Deny from" needs mod_access_compat there)
Require all denied
# Nginx: add to the server block (denies any path component beginning with a dot)
location ~ /\. { deny all; }

🧯 If You Can't Patch

  • Implement strict network access controls to limit FreshRSS exposure to trusted networks only.
  • Deploy a web application firewall (WAF) to block directory enumeration attempts.

🔍 How to Verify

Check if Vulnerable:

Check FreshRSS version in the web interface under 'About' or examine the version in the installation directory.

Check Version:

grep -r "define('FRESHRSS_VERSION'" /path/to/freshrss/

Verify Fix Applied:

Confirm version is 1.26.2 or later and test that directory existence checks no longer return information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to non-standard directories
  • Multiple 403/404 errors for directory paths in short time

Network Indicators:

  • HTTP requests probing for directories like /php/, /admin/, or software-specific paths

SIEM Query:

source="web_server" AND (status=403 OR status=404) AND uri CONTAINS "/."
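The log indicators above (bursts of 403/404 responses for directory-style or dot-prefixed paths from one client) can be checked offline against a web server access log. The following is an added example, not part of the original advisory or the FreshRSS project; the log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2025:12:00:01 +0000] "GET /i/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2025:12:00:02 +0000] "GET /api/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2025:12:00:03 +0000] "GET /php/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Apr/2025:12:00:03 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.9 - - [10/Apr/2025:12:00:04 +0000] "GET /.git/ HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.9 - - [10/Apr/2025:12:00:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Apr/2025:12:00:05 +0000] "GET /vendor/ HTTP/1.1" 404 196 "-" "curl/8.0"
203.0.113.7 - - [10/Apr/2025:12:09:00 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def is_directory_probe(uri: str) -> bool:
    """Directory-style paths (trailing slash) or hidden paths ('/.'), matching the indicators above."""
    path = uri.split("?", 1)[0]
    return path.endswith("/") or "/." in path

def find_probers(log_text: str, threshold: int = 4, window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {client_ip: [probed uris]} for clients that produced at least `threshold`
    403/404 directory-probe responses within any sliding window of length `window`."""
    events = defaultdict(list)  # ip -> [(timestamp, uri)] in log order
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("403", "404") or not is_directory_probe(m["uri"]):
            continue
        events[m["ip"]].append((datetime.strptime(m["ts"], TS_FMT), m["uri"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort(key=lambda h: h[0])  # stable: equal timestamps keep log order
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = [u for _, u in hits]
                break
    return flagged

if __name__ == "__main__":
    for ip, uris in find_probers(SAMPLE_LOG).items():
        print(f"{ip}: {len(uris)} directory probes -> {uris}")
```

Unlike the SIEM query above, which only matches dot-prefixed paths, this counts every trailing-slash path as well, so tune the threshold against your own baseline of legitimate 404s before alerting on it.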
