- Description
- Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that cause the server to send email to arbitrary addresses. Versions 4.2.16 and 4.3.4 fix the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-770
- Hype score
- Not currently trending
🚨 CVE-2025-27157 🟠 MEDIUM (5.3) 🏢 mastodon - mastodon 🏗️ >= 4.2.0, < 4.2.16 🔗 https://t.co/1r2vUGeZPh 🔗 https://t.co/2eMY0xU692 #CyberCron #VulnAlert https://t.co/86yZzLOZ1N
@cybercronai
1 Mar 2025
120 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
New post from https://t.co/uXvPWJy6tj (CVE-2025-27157 | Mastodon up to 4.2.15/4.3.3 /auth/setup allocation of resources (GHSA-v39f-c9jj-8w7h)) has been published on https://t.co/18PWVGhW4P
@WolfgangSesin
28 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes