QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66402

Published: Dec 15, 2025

Modified: Dec 16, 2025

PUBLISHED

Description

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.

Vendor	Product	Versions
misskey-dev	misskey	affected `>= 13.0.0-beta.16, < 2025.12.0`

Weaknesses (CWE)

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-496g-mmpw-j9x3

x_refsource_CONFIRM

https://github.com/misskey-dev/misskey/commit/dc77d59f8712d3fe0b73cd4af2035133839cd57b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.