PT-2025-6244 · Misskey · Misskey
Nexryai · Published 2025-02-11 · Updated 2025-11-26 · CVE-2025-24897
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.109.0 through 2025.2.0-alpha.0
Description: Misskey is an open source, federated social media platform. Because the Bull dashboard (bull-board) has no CSRF protection and its authentication cookies lack proper security attributes, some bull-board APIs may be subject to CSRF attacks. This vulnerability carries a risk of attacks with relatively large impact on availability and integrity, such as the ability to add arbitrary jobs.
Recommendations: For versions 12.109.0 through 2025.2.0-alpha.0, update to version 2025.2.0-alpha.0 to resolve the issue. As a temporary workaround, block all access to the /queue path with a web application firewall (WAF).
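The two weaknesses named above (cookies without hardening attributes, and state-changing endpoints that accept cross-site requests) can both be checked mechanically. The following is an added example written for this entry; it is not Misskey or bull-board code, and the cookie header, origins, path and function names are all constructed for illustration. It shows an audit of a Set-Cookie header for Secure/HttpOnly/SameSite, and an Origin/Sec-Fetch-Site gate that rejects cross-site POST-style requests, which is what a CSRF-protected dashboard needs in front of its job-management APIs.

```javascript
// Added example (not Misskey or bull-board code). Header names are assumed to
// be lower-cased, as Node's http module does for req.headers.

const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Parse one Set-Cookie header into its name/value pair and attribute map.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, value, attrs };
}

// Report which hardening attributes an authentication cookie is missing.
// An auth cookie without SameSite is sent on cross-site requests, which is
// what makes a cookie-authenticated API reachable by CSRF.
function auditAuthCookie(header) {
  const { attrs } = parseSetCookie(header);
  const missing = [];
  if (!attrs.secure) missing.push('Secure');
  if (!attrs.httponly) missing.push('HttpOnly');
  const sameSite =
    typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    missing.push('SameSite=Lax|Strict');
  }
  return missing;
}

// Extract the origin of a Referer URL, or null if it is absent or malformed.
function refererOrigin(referer) {
  if (!referer) return null;
  try {
    return new URL(referer).origin;
  } catch {
    return null;
  }
}

// Decide whether a state-changing request may proceed. Browsers attach
// Origin (and Sec-Fetch-Site) to cross-site form posts and fetches, so a
// mismatch with the dashboard's own origin means the user's own page did not
// initiate the request. Requests with neither header fail closed.
function allowStateChange(req, allowedOrigin) {
  if (!STATE_CHANGING.has(req.method.toUpperCase())) return true;
  const h = req.headers;
  const fetchSite = h['sec-fetch-site'];
  if (fetchSite && fetchSite !== 'same-origin' && fetchSite !== 'none') {
    return false;
  }
  const origin = h.origin || refererOrigin(h.referer);
  if (!origin) return false;
  return origin === allowedOrigin;
}

// Constructed sample: a cookie as a queue dashboard might set it, with no
// hardening attributes at all.
const SAMPLE_COOKIE = 'session=abc123; Path=/queue';

module.exports = { parseSetCookie, auditAuthCookie, allowStateChange, SAMPLE_COOKIE };
```

Running `auditAuthCookie(SAMPLE_COOKIE)` lists all three missing attributes; with `Secure; HttpOnly; SameSite=Lax` appended it returns an empty list. `allowStateChange` is meant to run before any cookie-authenticated handler that creates, retries or removes jobs; a GET always passes, a POST with a foreign Origin is refused, and a POST with no Origin or Referer at all is refused rather than assumed benign.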

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-24897
GHSA-38W6-VX8G-67PP

Affected Products

Misskey