CVE-2025-66402

EUVD-2025-203442
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can export the posts and view the contents. Version 2025.12.0 fixes the issue.
Provider: NIST
Type: Primary
Base Score: 6.5 MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score Percentile: 11%
Affected Products (NVD)
Vendor    Product   Version
misskey   misskey   13.1.0 ≤ 𝑥 < 2025.12.0
misskey   misskey   13.0.0
misskey   misskey   13.0.0:beta16
misskey   misskey   13.0.0:beta21
misskey   misskey   13.0.0:beta22
misskey   misskey   13.0.0:beta23
misskey   misskey   13.0.0:beta24
misskey   misskey   13.0.0:beta25
misskey   misskey   13.0.0:beta26
misskey   misskey   13.0.0:beta27
misskey   misskey   13.0.0:beta28
misskey   misskey   13.0.0:beta29
misskey   misskey   13.0.0:beta30
misskey   misskey   13.0.0:beta31
misskey   misskey   13.0.0:beta32
misskey   misskey   13.0.0:beta33
misskey   misskey   13.0.0:beta34
misskey   misskey   13.0.0:beta35
misskey   misskey   13.0.0:beta36
misskey   misskey   13.0.0:beta37
misskey   misskey   13.0.0:beta38
misskey   misskey   13.0.0:beta39
misskey   misskey   13.0.0:beta40
misskey   misskey   13.0.0:beta41
misskey   misskey   13.0.0:beta42
misskey   misskey   13.0.0:beta43
misskey   misskey   13.0.0:rc1
misskey   misskey   13.0.0:rc10
misskey   misskey   13.0.0:rc11
misskey   misskey   13.0.0:rc2
misskey   misskey   13.0.0:rc3
misskey   misskey   13.0.0:rc4
misskey   misskey   13.0.0:rc5
misskey   misskey   13.0.0:rc6
misskey   misskey   13.0.0:rc7
misskey   misskey   13.0.0:rc8
misskey   misskey   13.0.0:rc9

𝑥 = Vulnerable software versions