{"id":81919,"date":"2025-10-06T03:32:45","date_gmt":"2025-10-06T03:32:45","guid":{"rendered":""},"modified":"2025-10-28T12:14:02","modified_gmt":"2025-10-28T18:14:02","slug":"cve-2025-54875-critical-security-vulnerability-in-freshrss-affecting-user-management","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-54875-critical-security-vulnerability-in-freshrss-affecting-user-management\/","title":{"rendered":"<strong>CVE-2025-54875: Critical Security Vulnerability in FreshRSS Affecting User Management<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability, identified as CVE-2025-54875, poses a serious threat to the security of any systems running versions 1.16.0 through 1.26.3 of the FreshRSS software. FreshRSS is a free, self-hosted RSS aggregator popular among developers and tech enthusiasts. The vulnerability allows unprivileged attackers to create a new admin <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55730-escaping-vulnerability-in-xwiki-remote-macros-enabling-remote-code-execution\/\"  data-wpil-monitor-id=\"89284\">user<\/a> when the registration feature is enabled. This can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-10533-critical-vulnerability-in-firefox-and-thunderbird-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"89377\">potentially lead to a system<\/a> compromise or data leakage, thereby jeopardizing the security and integrity of the system and the data it holds. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9872-remote-code-execution-vulnerability-in-ivanti-endpoint-manager-due-to-insufficient-filename-validation\/\"  data-wpil-monitor-id=\"89165\">vulnerability is particularly alarming due<\/a> to its high severity score and the potential for severe impacts if exploited.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-54875<br \/>\nSeverity: Critical (CVSS: 9.8)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55743-serious-vulnerability-in-unopim-allows-potential-system-compromise\/\"  data-wpil-monitor-id=\"89701\">System compromise and potential<\/a> for data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2714447241\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>FreshRSS | 1.16.0 through 1.26.3<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability lies in the use of a hidden field in the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57119-privilege-escalation-vulnerability-in-online-library-management-system-v-3-0\/\"  data-wpil-monitor-id=\"89646\">user<\/a> management admin page of FreshRSS, specifically the &#8220;new_user_is_admin&#8221; field. An attacker can exploit this vulnerability by embedding a malicious payload in this hidden field while creating a new <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9693-arbitrary-file-deletion-vulnerability-in-user-meta-user-profile-builder-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"90563\">user<\/a>. This allows the attacker to elevate the new <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-2297-user-profile-manipulation-leading-to-unauthorized-privilege-escalation\/\"  data-wpil-monitor-id=\"90656\">user&#8217;s privileges<\/a> to admin level without requiring any existing admin privileges. This can lead to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-59017-unauthorized-access-via-ajax-backend-routes-in-typo3-cms\/\"  data-wpil-monitor-id=\"89171\">unauthorized system access<\/a> and potential system compromise or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2587959539\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Below is a conceptual example of how the vulnerability might be exploited.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/user\/create HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\nusername=attacker&amp;password=pass123&amp;new_user_is_admin=1<\/code><\/pre>\n<p>In this example, the &#8220;new_user_is_admin&#8221; field is set to 1, which the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30325-integer-overflow-vulnerability-in-photoshop-desktop-versions-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"91657\">vulnerable versions<\/a> of FreshRSS interpret as making the new user an administrator. The attacker, therefore, gains admin privileges and can perform any actions an administrator can, potentially <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-10534-critical-firefox-and-thunderbird-vulnerability-leading-to-possible-system-compromise-and-data-leakage\/\"  data-wpil-monitor-id=\"89414\">leading to a system compromise or data<\/a> leakage.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>The best course of action to mitigate this vulnerability is to apply the vendor-supplied patch by upgrading to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30328-out-of-bounds-write-vulnerability-in-animate-versions-24-0-8-23-0-11-and-earlier\/\"  data-wpil-monitor-id=\"91681\">FreshRSS<\/a> version 1.27.0, which has fixed this issue. For those who cannot immediately apply the patch, a temporary mitigation would be to use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to monitor and block potential exploit attempts. It is also recommended to disable user registration if it is not necessary for your application.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability, identified as CVE-2025-54875, poses a serious threat to the security of any systems running versions 1.16.0 through 1.26.3 of the FreshRSS software. FreshRSS is a free, self-hosted RSS aggregator popular among developers and tech enthusiasts. The vulnerability allows unprivileged attackers to create a new admin user when the registration feature is enabled. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-81919","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/81919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=81919"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/81919\/revisions"}],"predecessor-version":[{"id":84850,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/81919\/revisions\/84850"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=81919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=81919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=81919"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=81919"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=81919"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=81919"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=81919"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=81919"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=81919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}