FreshRSS · FreshRSS · CVE-2025-54592
**Name of the Vulnerable Software and Affected Versions**
FreshRSS versions 1.26.3 and below
**Description**
FreshRSS does not properly terminate a user's session on logout. The session cookie remains active after logout and can be reused by an attacker to start a new session, potentially leading to session hijacking and session fixation.
**Recommendations**
Update to version 1.27.0 or later.