CVE-2025-68148
HTTP 429 Denial of Service in FreshRSS Feed Proxy

Publication date: 2025-12-27

Last updated on: 2025-12-27

Assigner: GitHub, Inc.

Description
FreshRSS is a free, self-hostable RSS aggregator. Versions from 1.27.0 up to (but not including) 1.28.0 are affected: an attacker could globally deny access to feeds by having responses served through the proxy modified to 429 with a Retry-After header for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in version 1.28.0.
Meta Information
Published: 2025-12-27
Last Modified: 2025-12-27
Generated: 2026-05-07
AI Q&A: 2025-12-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: freshrss
Product: freshrss
Version / Range: 1.27.0
CWE
CWE-770: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in FreshRSS versions 1.27.0 to before 1.28.0 allows an attacker to cause a global denial of access to feeds by modifying proxy responses to return a 429 Retry-After status for a large list of feeds on the instance, making the service unusable for most users. It has been fixed in version 1.28.0.


How can this vulnerability impact me?

The vulnerability can impact you by making the FreshRSS service unusable for the majority of users due to a global denial of access to feeds, which disrupts normal access and availability of RSS feeds.


What immediate steps should I take to mitigate this vulnerability?

Upgrade FreshRSS to version 1.28.0 or later, as this version contains the patch that fixes the vulnerability allowing attackers to cause a denial of service by modifying responses to 429 Retry-After status codes.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability impacts availability by allowing denial of service to RSS feeds but does not affect confidentiality or integrity of data. There is no information indicating that this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP responses to FreshRSS feed requests for unexpected 429 Too Many Requests status codes accompanied by Retry-After headers with large values (for example, Retry-After: 10000). To detect exploitation attempts or the presence of a malicious proxy, capture and inspect HTTP traffic for repeated 429 responses with Retry-After headers affecting multiple feeds. Commands such as curl (to fetch feeds and observe their headers) or network traffic analysis tools such as tcpdump or Wireshark (to filter 429 responses) can help. For example:
1) curl -I <feed_url> to check the response headers for a 429 status and a Retry-After header;
2) tcpdump -i <interface> -A 'tcp port 80 or 443' | grep -i 'HTTP/2 429' to capture relevant HTTP responses (note that this only works for plaintext HTTP/1.x: TLS on port 443 and HTTP/2's binary framing leave no readable status line to grep, so inspect those at the proxy or with a decrypting analyzer instead);
3) use a proxy tool such as Burp Suite to intercept and analyze feed responses for manipulated Retry-After headers.
These methods help identify whether a proxy is injecting false Retry-After headers and causing a denial of service. [1]
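As an added defender-side example (not FreshRSS code and not part of this record), the following Python script scores a batch of feed responses the way the monitoring above describes: it parses Retry-After in both its delta-seconds and HTTP-date forms and raises an alert when a large share of feeds is under a long 429 back-off. The feed URLs, responses, thresholds and reference time are constructed.

```python
"""Flag a FreshRSS-style mass feed back-off: many feeds answering 429 with
a large Retry-After. Added example, not FreshRSS code; feed URLs, responses
and the reference time below are constructed."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed reference time used when Retry-After carries an HTTP-date.
SAMPLE_NOW = datetime(2025, 12, 27, 0, 0, tzinfo=timezone.utc)

# Constructed sample: (feed URL, HTTP status, Retry-After header or None).
SAMPLE_RESPONSES = [
    ("https://example.org/a.xml", 429, "10000"),
    ("https://example.org/b.xml", 429, "86400"),
    ("https://example.org/c.xml", 429, "Sat, 27 Dec 2025 12:00:00 GMT"),
    ("https://example.org/d.xml", 200, None),
    ("https://example.org/e.xml", 429, "30"),  # short back-off: benign
]

def retry_after_seconds(value, now=None):
    """Parse Retry-After (delta-seconds or HTTP-date) into seconds from now.
    Returns None when the header is absent or unparseable."""
    if value is None:
        return None
    value = value.strip()
    if value.isdigit():
        return int(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:  # treat a naive date as UTC
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return max(0, int((when - now).total_seconds()))

def suspicious_feeds(responses, min_retry=3600, now=None):
    """Feeds backed off by a 429 whose Retry-After is at least min_retry s."""
    hits = []
    for url, status, retry_after in responses:
        if status == 429:
            delay = retry_after_seconds(retry_after, now)
            if delay is not None and delay >= min_retry:
                hits.append((url, delay))
    return hits

def mass_backoff_alert(responses, min_retry=3600, ratio=0.5, now=None):
    """True when at least `ratio` of all feeds are under a long 429 back-off."""
    hits = suspicious_feeds(responses, min_retry, now)
    return bool(responses) and len(hits) / len(responses) >= ratio
```

Feed the function the status and Retry-After header of each feed's last fetch (for example from the FreshRSS fetch log or a curl -I sweep) and tune min_retry and ratio to the instance's normal back-off behaviour.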

