PT-2025-51322 · Misskey · Misskey

Published

2025-12-15

Updated

2026-01-06

CVE-2025-66402

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0

Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents.

Recommendations Update to version 2025.12.0.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-66402

GHSA-496G-MMPW-J9X3

Affected Products

Misskey

PT-2025-51322 · Misskey · Misskey

CVE-2025-66402

Weakness Enumeration

Related Identifiers

Affected Products

References · 11