CVE-2025-61775

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions Vickey versions prior to 2025.10.0

Description Vickey, a Misskey-based microblogging platform, has an issue where unexpired email confirmation links can be reused multiple times, leading to repeated confirmation emails being sent to a verified email address. This can occur if the verification link is accessed multiple times under certain conditions. The issue results in unintended email traffic but does not expose user data.

Recommendations Update to version 2025.10.0 or later.

Exploit

Fix

Insufficient Session Expiration

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613CWE-770

Related Identifiers

CVE-2025-61775

GHSA-Q6HP-37X8-FHM7

Affected Products

Vickey

CVE-2025-61775

Weakness Enumeration

Related Identifiers

Affected Products

References · 8