Home > Vulnerability Database > CVE-2025-62175

Mend.io Vulnerability Database

CVE-2025-62175

Good to know:

Date: October 13, 2025

Mastodon is an open source, federated social network server. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updates through existing streaming connections and to establish new streaming connections, even though they cannot interact with other API endpoints. This undermines moderation actions, as administrators expect disabled or suspended accounts to be fully disconnected from the service. This issue has been patched in versions 4.4.6, 4.3.14, and 4.2.27. No known workarounds exist.

Severity Score

4.3

Related Resources (4)

Url: https://github.com/mastodon/mastodon/commit/2971ac9863b91372e68ac152caf6f4dbff511d17

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62175

Url: https://github.com/mastodon/mastodon/security/advisories/GHSA-r2fh-jr9c-9pxh

Url: https://www.mend.io/vulnerability-database/CVE-2025-62175

Severity Score

4.3

Weakness Type (CWE)

Improper Check for Dropped Privileges

CWE-273

Improper Handling of Insufficient Privileges

CWE-274

Top Fix

Upgrade Version

Upgrade to version https://github.com/mastodon/mastodon.git - v4.2.27;https://github.com/mastodon/mastodon.git - v4.3.14

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62175

Good to know:

Date: October 13, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?