CVE-2024-25623

Summary

CVE-2024-25623 is a vulnerability affecting Mastodon, an open-source social network server. Before versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, Mastodon did not properly validate the `Content-Type` header when fetching remote statuses. As a result, threat actors can upload crafted Activity Streams documents to remote servers and make Mastodon servers fetch them. This issue allows impersonation of an account on a vulnerable server that permits user registration, accepts arbitrary user-uploaded documents, and serves them with an `Accept` header of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 have been released with the necessary fixes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.