CVSS 3.1 Score 9.9 of 10 (high)


Published Feb 12, 2024
CWE ID 285
CWE ID 863
CWE ID 280


CVE-2024-25108 is a critical vulnerability affecting Pixelfed, an open-source photo sharing platform. Improper and insufficient authorization checks allow attackers to gain unauthorized access to administrative and moderator functionality on the Pixelfed server. The vulnerability affects all versions of Pixelfed between v0.10.4 and v0.11.9. A proof of concept exists. Exploitation requires some user interaction, but it can also be carried out in a time-delayed manner without active user involvement. The issue has been addressed in version 0.11.11, and users are advised to upgrade to this version to mitigate the risk of exploitation.
