CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

May 5, 2025

CVE ID : CVE-2025-46559

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn’t designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43850 – Apache Retrieval-Based Voice Conversion WebUI Remote Code Execution

Next Article CVE-2025-46553 – Misskey/summaly Allow Redirects Bypass Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-20003 – Intel Graphics Driver Link Following Privilege Escalation Vulnerability

Niche product design

Revolutionizing Web Design

Uniscribe: Turn any video into text Easily with uniscribe

American Golf Corporation Hit by MEDUSA Ransomware, 155GB of Data Claimed Stolen

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Rilasciata Chimera Linux 20250420: importanti novità nel bootloader e supporto architetturale

Meet Baichuan-M1: A New Series of Large Language Models Trained on 20T Tokens with a Dedicated Focus on Enhancing Medical Capabilities

Mastering Instagram Marketing: A Comprehensive Guide for Entrepreneurs

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

Related Posts