CVE-2025-30741

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-30741

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30741.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-30741

Aliases

GHSA-7287-grhx-542x

Published

2025-03-25T21:15:43.527Z

Modified

2026-03-20T04:22:35.028932Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.

References

Affected packages

Git / github.com/pixelfed/pixelfed

Affected ranges

Type

GIT

Repo

https://github.com/pixelfed/pixelfed

Events

Introduced

Fixed

9e34cfe9df56b24c64925de90a208ceacfc07ce0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.5"
        }
    ]
}

Affected versions

v0.*

v0.1.9

v0.10.0

v0.10.1

v0.10.10

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.10.9

v0.11.0

v0.11.1

v0.11.10

v0.11.11

v0.11.12

v0.11.13

v0.11.2

v0.11.3

v0.11.4

v0.11.5

v0.11.6

v0.11.7

v0.11.8

v0.11.9

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.5.9

v0.6.0

v0.6.1

v0.7.6

v0.8.0

v0.8.5

v0.8.6

v0.9.0

v0.9.4

v0.9.5

v0.9.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30741.json"