- Description
- Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- misskey
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-862
- Hype score
- Not currently trending
CVE-2025-66402 Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission t… https://t.co/28QNmaW5u4
@CVEnew
21 Dec 2025
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
misskey-js affected by private data exposure (CVE-2025-66402). Export function includes private post data, risking unauthorized access to sensitive information. https://t.co/3eSkCt5zJf
@pulsepatchio
15 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Misskeyに関する複数の脆弱性を発表しました。 Misskeyをお持ちの方は最新版にアップデートしましょう ▼ CVE-2025-66482 (CVSS v4 6.9) https://t.co/3b2Lz8r0Hb ▼ CVE-2025-66402 (CVSS v4 7.1) https://t.co/VrwZPWh3Cd
@kakkokari_gtyih
14 Dec 2025
218 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA8B906-8DD2-4D82-90A7-AD955FEF15FC",
"versionEndExcluding": "2025.12.0",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "786B1922-6E2E-48B5-8AA6-16566BDC39EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "856F7093-6778-4449-A6B2-FADF0CC81BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "4AEFFF0D-A3ED-41AF-B5F2-7E3E2CCB3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "4615D7DB-9603-482D-8615-C09E8F41B204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "D58C35C6-5F19-4588-B369-84275C2878F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "7A4672A2-20B7-403A-8430-A6D206D6B032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "A1BAC1C3-CB0C-4C16-83C7-A18A4A7D3676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "E1C4D34E-1B6B-48A7-8FA7-F0872C63C727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta27:*:*:*:*:*:*",
"matchCriteriaId": "94E0E909-C42C-40B5-A4B5-D64049443903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta28:*:*:*:*:*:*",
"matchCriteriaId": "CE544D6C-44DB-4E68-BFCE-DABC08EE3803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta29:*:*:*:*:*:*",
"matchCriteriaId": "9F7A9629-9216-4F67-BF4E-69792256CFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta30:*:*:*:*:*:*",
"matchCriteriaId": "5DB2EE81-D8F4-4A42-B6EA-B78B58782EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta31:*:*:*:*:*:*",
"matchCriteriaId": "75364266-87FE-4DED-8DCC-B1B853C1EB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta32:*:*:*:*:*:*",
"matchCriteriaId": "0F76B069-5894-4652-8376-314CE5FC8D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta33:*:*:*:*:*:*",
"matchCriteriaId": "53072C15-3DC2-40D9-A382-93308C74E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta34:*:*:*:*:*:*",
"matchCriteriaId": "0EFC41E8-E58B-4845-8B04-9DBCE9A6BAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta35:*:*:*:*:*:*",
"matchCriteriaId": "98307089-97A5-472B-9E5F-E2E189DD2EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta36:*:*:*:*:*:*",
"matchCriteriaId": "439214AC-1F4D-423E-90B3-6118EC243D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta37:*:*:*:*:*:*",
"matchCriteriaId": "94AFD144-D4D9-42A8-8D89-59B18ED3521A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta38:*:*:*:*:*:*",
"matchCriteriaId": "7379A64A-E7AF-4F75-A30A-FB6FE3DA40B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta39:*:*:*:*:*:*",
"matchCriteriaId": "37709BF9-683C-41A2-8FBB-37FEA4272FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta40:*:*:*:*:*:*",
"matchCriteriaId": "3CDB27CA-2511-4831-8319-FC48DCC61083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta41:*:*:*:*:*:*",
"matchCriteriaId": "1C269183-FE50-414E-B6C9-62111A540BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta42:*:*:*:*:*:*",
"matchCriteriaId": "8749073C-9460-4ACB-8513-B086824901BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:beta43:*:*:*:*:*:*",
"matchCriteriaId": "DC898D70-9A29-4660-A08C-6F4C72729651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "03565A9E-D7C3-4116-B5D9-7C9A52173716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "8C5BA7A5-51D0-46C4-BABA-22A1BE25F24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc11:*:*:*:*:*:*",
"matchCriteriaId": "C9F878A3-A229-46B1-8E1A-894FBE86A974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D6847DE7-005E-4D84-95FB-A240B2EC042B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5EDB186E-DC4E-4965-B72A-C7267DACB32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D2DF0AC2-1BFD-43B8-8DDC-8727E5A44060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "13568C76-3F2E-475C-B8B6-E7FBF1F7BCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9050C737-F150-4BA9-A503-069BC8D8B24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E89A86DC-7164-4857-8FF7-3AD66CCA5C87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "8E76C67E-94B5-42C6-8777-C83F1C51830C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:misskey:misskey:13.0.0:rc9:*:*:*:*:*:*",
"matchCriteriaId": "8A6D3B97-247F-4ED7-942F-2962C0990A1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]