5 matches found
CVE-2025-27157
creationtimestamp| type| source ---|---|--- 2025-02-27 17:25:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5720 2025-02-27 18:18:44+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114077225711677534 2025-02-27 19:15:38+00:00| seen|...
CVE-2025-27157
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...
CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...
CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...
CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...