cvedb.io
CVE-2025-61586
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-09-30T04:44:53.067 · Last modified 2026-06-17T09:50:36.313

Summary

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration: setting a path in the theme field lets an attacker check whether certain directories exist, revealing additional information about the server. This issue is fixed in version 1.27.0.

Affected products

freshrss — freshrss

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.