ByteOS Network

Vulnerability Details :

CVE-2025-46553

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-05 May, 2025 | 18:28

Updated At-05 May, 2025 | 18:50

@misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:05 May, 2025 | 18:28

Updated At:05 May, 2025 | 18:50

▼CVE Numbering Authority (CNA)

@misskey-dev/summaly Redirect Filter Bypass

Affected Products

Vendor

misskey-dev

Product

summaly

Versions

Affected

>= 3.0.1, < 5.2.1

Problem Types

Type	CWE ID	Description
CWE	CWE-693	CWE-693: Protection Mechanism Failure
CWE	CWE-601	CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE	CWE-665	CWE-665: Improper Initialization
CWE	CWE-669	CWE-669: Incorrect Resource Transfer Between Spheres

Type: CWE

CWE ID: CWE-693

Description: CWE-693: Protection Mechanism Failure

Type: CWE

CWE ID: CWE-601

Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Type: CWE

CWE ID: CWE-665

Description: CWE-665: Improper Initialization

Type: CWE

CWE ID: CWE-669

Description: CWE-669: Incorrect Resource Transfer Between Spheres

Metrics

Version	Base score	Base severity	Vector
4.0	2.1	LOW	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P

References

Hyperlink	Resource
https://github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4	x_refsource_CONFIRM
https://github.com/misskey-dev/summaly/commit/45153b4f08a772c395a13f7a25399dd87ed022ed	x_refsource_MISC

Hyperlink: https://github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/misskey-dev/summaly/commit/45153b4f08a772c395a13f7a25399dd87ed022ed

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:05 May, 2025 | 19:15

Updated At:05 May, 2025 | 20:54

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.1	LOW	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X