CVE-2025-24896 is a high-severity vulnerability affecting Misskey, an open source, federated social media platform. In affected versions, a login token named `token` is stored in a cookie for authentication purposes within the Bull Dashboard, and the critical issue is that this cookie is not deleted when the user logs out. The primary affected users will be those who have logged into Misskey using a public PC or another individual's device. It's also possible that users who have logged out before lending their PC could be affected. As a result, unauthorized access to user accounts is a significant risk.
The vulnerability has a CVSS score of 8.1, classifying it as high severity. The attack vector is network-based, with low complexity, meaning attackers may leverage this vulnerability with relative ease. User interaction is required, and the impacts on confidentiality and integrity are both rated as high. As such, organizations should prioritize patching immediately.
This vulnerability was disclosed on February 11, 2025, and affects versions of Misskey starting from 12.109.0 up to, but not including, 2025.2.0-alpha.0. A fix for this issue is available in version 2025.2.0-alpha.0. Organizations using affected versions must act quickly to apply the patches to mitigate potential risks.
In conclusion, the urgency for defenders is clear. Organizations must address this vulnerability as part of their immediate patch management processes to prevent unauthorized access and protect sensitive user data.
Vulnerability Details
The official CVE description states: 'Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed.' The vulnerability is classified under CWE-613, indicating the issue of insufficient session expiration.
The CVSS score of 8.1 indicates a high severity level, with the attack vector being network-based and requiring user interaction. The potential impact on confidentiality and integrity is high, emphasizing the importance of immediate remediation.
Affected products include Misskey versions from 12.109.0 to 2025.1.0. The vulnerability was published on February 11, 2025, and the fix is included in version 2025.2.0-alpha.0.
Technical Analysis
The root cause of this vulnerability is the failure to clear the authentication cookie, and the token it carries, when a user logs out. This oversight leaves sensitive authentication data on the device, where it can be reused by anyone who later has access to that device. The attack vector is network-based, and the attack complexity is low, which means that an attacker does not require extensive skills or resources to exploit this vulnerability.
In terms of privileges required, no privileges are necessary for an attacker to exploit this vulnerability. However, user interaction is required, as the attacker must entice the user to log into the application. The impacts on confidentiality and integrity are both classified as high, meaning that successful exploitation could lead to unauthorized access to user accounts and sensitive information, while availability is not impacted.
Risk & Impact Analysis
Risk to organizations includes unauthorized access to user accounts, particularly for those using public or shared devices to access Misskey. The implications can range from data breaches to the unauthorized dissemination of information, depending on the sensitivity of the data involved. The potential blast radius is significant since multiple users may share devices, thus affecting a broader user base.
Given the CVSS score of 8.1, organizations should address this vulnerability in their priority patch cycle. The urgency is compounded by the possibility of exploitation in shared or public environments, where the impact can be amplified across multiple users.
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The versions of Misskey affected by this vulnerability include all versions from 12.109.0 to 2025.1.0. Organizations must ensure that they upgrade to version 2025.2.0-alpha.0 or later to mitigate the risk associated with this vulnerability.
Mitigation & Remediation
Organizations should prioritize applying the patch available in version 2025.2.0-alpha.0 to remediate this vulnerability. If patching is not immediately possible, consider implementing workarounds such as advising users to clear cookies after logging out and enhancing configuration settings to improve session management.
In addition to patching, organizations could benefit from a thorough application security assessment to identify similar weaknesses and enhance their overall security posture.
Monitoring should also be enhanced to track any unauthorized access attempts, and user training should be conducted to increase awareness regarding secure usage of shared devices.
Detection Guidance
Organizations should monitor logs for indicators of unauthorized access, especially those originating from shared or public devices. Look for behavioral anomalies that may indicate compromised sessions and implement network signatures to detect unusual activity patterns.
System changes such as unexpected logouts or multiple login attempts from different locations should also be flagged for review.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-24896 lies in its exposure of user authentication weaknesses that can be exploited in shared computing environments. Security teams should treat session management flaws as a recurring class of vulnerability and adopt robust session-handling practices accordingly.
This incident serves as a reminder for organizations to conduct regular security assessments, including penetration testing to identify potential vulnerabilities before they can be exploited.
Additionally, organizations should leverage resources such as vulnerability management programs to prioritize and address risks systematically.
Finally, organizations should remain vigilant about emerging threats, as seen in this case, to ensure they are prepared for evolving attack vectors.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.