CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...