CVE-2025-62166
FreshRSS (before 1.28.0) contains an authentication logic bug relating to master authentication tokens that bypasses feed visibility restrictions. This creates an IDOR-style weakness where, if anonymous viewing is enabled, default user feeds could be viewable while feeds of other users should rem...