CVE-2025-46559
📋 TL;DR
This vulnerability in Misskey allows malicious AiScript code to bypass API endpoint restrictions by using directory traversal sequences (../) to access unauthorized endpoints like /files, /url, and /proxy. It affects Misskey instances running versions 12.31.0 through 2025.4.0 where custom AiScript plugins or untrusted code can be executed.
💻 Affected Systems
- Misskey
📦 What is this software?
Misskey by Misskey
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive files, proxy arbitrary URLs through the server, or perform unauthorized actions on other endpoints, potentially leading to data exposure, server-side request forgery, or privilege escalation.
Likely Case
Malicious AiScript code could access restricted API endpoints to read files, make unauthorized requests, or bypass intended access controls within the Misskey instance.
If Mitigated
With proper input validation and access controls, the impact is limited to the specific AiScript execution context with minimal privilege escalation.
🎯 Exploit Status
Exploitation requires ability to execute AiScript code, which typically requires some level of access or plugin installation capability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.4.1
Vendor Advisory: https://github.com/misskey-dev/misskey/security/advisories/GHSA-gmq6-738q-vjp2
Restart Required: Yes
Instructions:
1. Backup your Misskey instance.
2. Update to version 2025.4.1 or later.
3. Restart the Misskey service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable AiScript execution
Temporarily disable AiScript plugin execution to prevent exploitation
Edit Misskey configuration to disable AiScript plugins or remove plugin execution permissions
Restrict plugin installation
Limit who can install or execute AiScript plugins
Configure user permissions to restrict plugin management to trusted administrators only
🧯 If You Can't Patch
- Restrict AiScript plugin installation to trusted administrators only
- Monitor for suspicious API requests containing directory traversal sequences
🔍 How to Verify
Check if Vulnerable:
Check if your Misskey version is between 12.31.0 and 2025.4.0 inclusive
Check Version:
Check Misskey admin panel or configuration files for version information
Verify Fix Applied:
Verify version is 2025.4.1 or later and test that AiScript cannot access unauthorized endpoints
📡 Detection & Monitoring
Log Indicators:
- Unusual API requests from AiScript contexts
- Requests containing ../ sequences in API paths
- Access to /files, /url, or /proxy endpoints from unexpected sources
Network Indicators:
- Unexpected outbound requests from Misskey server
- Unusual patterns in API endpoint access
SIEM Query:
source="misskey" AND (path="*../*" OR endpoint IN ("/files", "/url", "/proxy"))
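As an added example covering both the "How to Verify" version check and the log indicators in this section (this is not code from the advisory or from the Misskey project), the Python script below compares a reported version string against the affected range 12.31.0 through 2025.4.0 and then runs the indicators over a few constructed access-log lines. The log layout, field names, client addresses and sample paths are assumptions made for the example; Misskey's own log format may differ. Unlike the SIEM query above, it decodes percent-encoded traversal before matching and distinguishes a direct hit on /files, /url or /proxy (ordinary browser traffic) from one reached only after a ../ sequence.

```python
import posixpath
import re
from urllib.parse import unquote

# Affected range from the advisory: 12.31.0 through 2025.4.0 inclusive, fixed in 2025.4.1.
FIRST_VULNERABLE = (12, 31, 0)
FIXED = (2025, 4, 1)

# Endpoints the advisory names as reachable through traversal.
SENSITIVE_ENDPOINTS = {"files", "url", "proxy"}

# Matches a ".." path component: "/api/../files", "../x", "a/.." (but not "..foo").
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")

# Constructed log layout for this example: timestamp client method path status.
# Misskey's real log format is not assumed here; adapt the regex to what you collect.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_version(version: str) -> tuple:
    """Turn a Misskey version string such as '2025.4.0' or '12.31.0' into a
    comparable tuple. A pre-release suffix like '-beta.1' (assumed format) is
    dropped, so a pre-release compares as its final release."""
    core = version.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return FIRST_VULNERABLE <= parse_version(version) < FIXED


def classify_request(raw_path: str) -> list:
    """Return the indicator names that fire for one request path.

    Percent-encoding is decoded first so '%2e%2e/' is treated like '../', and
    the path is resolved the way a path-based router would, so a request that
    only reaches /files, /url or /proxy after traversal is told apart from a
    browser fetching /proxy directly (ordinary Misskey traffic)."""
    findings = []
    path_only = raw_path.split("?", 1)[0]
    decoded = unquote(path_only)
    if TRAVERSAL.search(decoded):
        findings.append("traversal-sequence")
    resolved = posixpath.normpath(decoded)
    first_segment = resolved.lstrip("/").split("/", 1)[0]
    if first_segment in SENSITIVE_ENDPOINTS:
        if "traversal-sequence" in findings:
            findings.append("sensitive-endpoint-via-traversal")
        else:
            findings.append("sensitive-endpoint-direct")
    return findings


def scan_log(text: str) -> list:
    """Return (line_no, path, findings) for lines worth an analyst's attention.
    Direct hits on a sensitive endpoint are expected traffic and are not reported."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        findings = classify_request(m["path"])
        if any(f != "sensitive-endpoint-direct" for f in findings):
            hits.append((n, m["path"], findings))
    return hits


# Constructed sample log (TEST-NET addresses, invented paths) for a dry run.
SAMPLE_LOG = """\
2025-04-20T10:00:01Z 203.0.113.5 POST /api/notes/create 200
2025-04-20T10:00:02Z 203.0.113.5 POST /api/../files/abcd1234 200
2025-04-20T10:00:03Z 198.51.100.7 GET /proxy/image.webp 200
2025-04-20T10:00:04Z 203.0.113.5 POST /api/%2e%2e/url?url=http://example.com/ 200
2025-04-20T10:00:05Z 203.0.113.5 POST /api/users/show 200
"""

if __name__ == "__main__":
    for v in ("12.30.0", "12.31.0", "2025.4.0", "2025.4.1"):
        print(f"{v}: {'vulnerable' if is_vulnerable(v) else 'not in affected range'}")
    for line_no, path, findings in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {path} -> {', '.join(findings)}")
```

Running it flags only the two sample lines where a sensitive endpoint is reached through a traversal component (one raw, one percent-encoded); the direct /proxy fetch is left alone. Feed `scan_log` your own reverse-proxy or application logs after adjusting `LOG_LINE` to their layout.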