Main Vulnerability Database SB2025011675

SB2025011675 - Input validation error in Mastodon

Published: January 16, 2025 Updated: April 23, 2026

Security Bulletin ID SB2025011675

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a partial denial of service.

The vulnerability exists due to improper input validation in remote actor validation and error handling when processing remote actors. A remote attacker can send invalid actor data to cause a partial denial of service.

Exploitation can prevent the server from correctly processing deletions of local accounts, deletion of targeted local posts, and delivery of activities from targeted local accounts to remote servers.

Remediation

Install update from vendor's website.

References

https://github.com/mastodon/mastodon/security/advisories/GHSA-5wxh-3p65-r4g6