Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gkwt-vsxg-pbh7
Summary Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updates through existing streaming connections and to establish new streaming connections, even though they cannot interact with other API endpoints. This undermines moderation actions, as administrators expect disabled or suspended accounts to be fully disconnected from the service. This issue has been patched in versions 4.4.6, 4.3.14, and 4.2.27. No known workarounds exist.
Aliases
0
alias CVE-2025-62175
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62175
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.1867
published_at 2026-06-11T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18833
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62175
1
reference_url https://github.com/mastodon/mastodon/commit/2971ac9863b91372e68ac152caf6f4dbff511d17
reference_id 2971ac9863b91372e68ac152caf6f4dbff511d17
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T13:56:52Z/
url https://github.com/mastodon/mastodon/commit/2971ac9863b91372e68ac152caf6f4dbff511d17
2
reference_url https://github.com/mastodon/mastodon/security/advisories/GHSA-r2fh-jr9c-9pxh
reference_id GHSA-r2fh-jr9c-9pxh
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T13:56:52Z/
url https://github.com/mastodon/mastodon/security/advisories/GHSA-r2fh-jr9c-9pxh
Weaknesses
0
cwe_id 273
name Improper Check for Dropped Privileges
description The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
1
cwe_id 274
name Improper Handling of Insufficient Privileges
description The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
Exploits
Severity_range_score 4.3 - 4.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkwt-vsxg-pbh7