CVE-2025-66402 — MEDIUM (6.5)

Q: How severe is CVE-2025-66402?

CVE-2025-66402 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66402?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.

Vulnerability Description

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Misskey	Misskey	>= 13.1.0, < 2025.12.0

Related Weaknesses (CWE)

CWE-862

References

https://github.com/misskey-dev/misskey/commit/dc77d59f8712d3fe0b73cd4af203513383Patch
https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3ExploitVendor Advisory
https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3ExploitVendor Advisory

FAQ

What is CVE-2025-66402?

CVE-2025-66402 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can ...

How severe is CVE-2025-66402?

CVE-2025-66402 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66402?

Check the references section above for vendor advisories and patch information. Affected products include: Misskey Misskey.