CVE-2025-24897

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Feb 11, 2025
CWE ID 352
CWE ID 1275
CWE ID 614

Summary

CVE-2025-24897 is a vulnerability affecting Misskey, an open-source federated social media platform. In versions from 12.109.0 and prior to 2025.2.0-alpha.0, Misskey's Bull dashboard lacked Cross-Site Request Forgery (CSRF) protection and proper security attributes in its authentication cookies. This issue exposed some of the bull-board APIs to CSRF attacks, potentially allowing attackers to add arbitrary jobs, with significant impact on availability and integrity. The vulnerability was addressed in version 2025.2.0-alpha.0. As a temporary measure, access to the `/queue` directory can be blocked using a web application firewall.
