PT-2025-41808 · Mastodon · Mastodon
Thisismissem
·
Publicado
2025-10-13
·
Atualizado
2025-10-20
·
CVE-2025-62175
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mastodon versions prior to 4.4.6
Mastodon versions prior to 4.3.14
Mastodon versions prior to 4.2.27
Description
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updates through existing streaming connections and to establish new streaming connections, despite being unable to interact with other API endpoints. This behavior undermines moderation actions, as administrators expect disabled or suspended accounts to be fully disconnected from the service.
Recommendations
Update Mastodon to version 4.4.6 or later.
Update Mastodon to version 4.3.14 or later.
Update Mastodon to version 4.2.27 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mastodon