CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46340

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbitrary CSS into the `MkUrlPreview` component. `UrlPreviewService.wrap` falls back to returning the original URL if it's using a protocol that is likely to not be understood by Misskey, IE something other than `http` or `https`. This both can de-anonymize users and_allow further attacks in the client. Additionally, `MkUrlPreview` doesn't escape CSS when applying a `background-image` property, allowing an attacker to craft a URL that applies arbitrary styles to the preview element. Theoretically, an attacker can craft a CSS injection payload to create a fake error message that can deceive the user into giving away their credentials or similar sensitive information. Version 2025.4.1 contains a patch for the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.2%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2025-46340

Misskey » Misskey » Version: 12.0.0

cpe:2.3:a:misskey:misskey:12.0.0
Misskey » Misskey » Version: 12.1.0

cpe:2.3:a:misskey:misskey:12.1.0
Misskey » Misskey » Version: 12.10.0

cpe:2.3:a:misskey:misskey:12.10.0
Misskey » Misskey » Version: 12.11.0

cpe:2.3:a:misskey:misskey:12.11.0
Misskey » Misskey » Version: 12.12.0

cpe:2.3:a:misskey:misskey:12.12.0
Misskey » Misskey » Version: 12.13.0

cpe:2.3:a:misskey:misskey:12.13.0
Misskey » Misskey » Version: 12.14.0

cpe:2.3:a:misskey:misskey:12.14.0
Misskey » Misskey » Version: 12.15.0

cpe:2.3:a:misskey:misskey:12.15.0
Misskey » Misskey » Version: 12.16.0

cpe:2.3:a:misskey:misskey:12.16.0
Misskey » Misskey » Version: 12.17.0

cpe:2.3:a:misskey:misskey:12.17.0
Misskey » Misskey » Version: 12.18.0

cpe:2.3:a:misskey:misskey:12.18.0
Misskey » Misskey » Version: 12.18.1

cpe:2.3:a:misskey:misskey:12.18.1
Misskey » Misskey » Version: 12.19.0

cpe:2.3:a:misskey:misskey:12.19.0
Misskey » Misskey » Version: 12.2.0

cpe:2.3:a:misskey:misskey:12.2.0
Misskey » Misskey » Version: 12.20.0

cpe:2.3:a:misskey:misskey:12.20.0
Misskey » Misskey » Version: 12.21.0

cpe:2.3:a:misskey:misskey:12.21.0
Misskey » Misskey » Version: 12.22.0

cpe:2.3:a:misskey:misskey:12.22.0
Misskey » Misskey » Version: 12.23.0

cpe:2.3:a:misskey:misskey:12.23.0
Misskey » Misskey » Version: 12.24.0

cpe:2.3:a:misskey:misskey:12.24.0
Misskey » Misskey » Version: 12.24.1

cpe:2.3:a:misskey:misskey:12.24.1
Misskey » Misskey » Version: 12.24.2

cpe:2.3:a:misskey:misskey:12.24.2
Misskey » Misskey » Version: 12.25.0

cpe:2.3:a:misskey:misskey:12.25.0
Misskey » Misskey » Version: 12.26.0

cpe:2.3:a:misskey:misskey:12.26.0
Misskey » Misskey » Version: 12.27.0

cpe:2.3:a:misskey:misskey:12.27.0
Misskey » Misskey » Version: 12.27.1

cpe:2.3:a:misskey:misskey:12.27.1
Misskey » Misskey » Version: 12.28.0

cpe:2.3:a:misskey:misskey:12.28.0
Misskey » Misskey » Version: 12.29.0

cpe:2.3:a:misskey:misskey:12.29.0
Misskey » Misskey » Version: 12.3.0

cpe:2.3:a:misskey:misskey:12.3.0
Misskey » Misskey » Version: 12.30.0

cpe:2.3:a:misskey:misskey:12.30.0
Misskey » Misskey » Version: 12.31.0

cpe:2.3:a:misskey:misskey:12.31.0
Misskey » Misskey » Version: 12.32.0

cpe:2.3:a:misskey:misskey:12.32.0
Misskey » Misskey » Version: 12.33.0

cpe:2.3:a:misskey:misskey:12.33.0
Misskey » Misskey » Version: 12.34.0

cpe:2.3:a:misskey:misskey:12.34.0
Misskey » Misskey » Version: 12.35.0

cpe:2.3:a:misskey:misskey:12.35.0
Misskey » Misskey » Version: 12.35.1

cpe:2.3:a:misskey:misskey:12.35.1
Misskey » Misskey » Version: 12.35.2

cpe:2.3:a:misskey:misskey:12.35.2
Misskey » Misskey » Version: 12.36.0

cpe:2.3:a:misskey:misskey:12.36.0
Misskey » Misskey » Version: 12.36.1

cpe:2.3:a:misskey:misskey:12.36.1
Misskey » Misskey » Version: 12.37.0

cpe:2.3:a:misskey:misskey:12.37.0
Misskey » Misskey » Version: 12.38.0

cpe:2.3:a:misskey:misskey:12.38.0
Misskey » Misskey » Version: 12.38.1

cpe:2.3:a:misskey:misskey:12.38.1
Misskey » Misskey » Version: 12.39.0

cpe:2.3:a:misskey:misskey:12.39.0
Misskey » Misskey » Version: 12.39.1

cpe:2.3:a:misskey:misskey:12.39.1
Misskey » Misskey » Version: 12.4.0

cpe:2.3:a:misskey:misskey:12.4.0
Misskey » Misskey » Version: 12.4.1

cpe:2.3:a:misskey:misskey:12.4.1
Misskey » Misskey » Version: 12.40.0

cpe:2.3:a:misskey:misskey:12.40.0
Misskey » Misskey » Version: 12.41.0

cpe:2.3:a:misskey:misskey:12.41.0
Misskey » Misskey » Version: 12.41.1

cpe:2.3:a:misskey:misskey:12.41.1
Misskey » Misskey » Version: 12.41.2

cpe:2.3:a:misskey:misskey:12.41.2
Misskey » Misskey » Version: 12.41.3

cpe:2.3:a:misskey:misskey:12.41.3
Misskey » Misskey » Version: 12.42.0

cpe:2.3:a:misskey:misskey:12.42.0
Misskey » Misskey » Version: 12.43.0

cpe:2.3:a:misskey:misskey:12.43.0
Misskey » Misskey » Version: 12.44.0

cpe:2.3:a:misskey:misskey:12.44.0
Misskey » Misskey » Version: 12.44.1

cpe:2.3:a:misskey:misskey:12.44.1
Misskey » Misskey » Version: 12.45.0

cpe:2.3:a:misskey:misskey:12.45.0
Misskey » Misskey » Version: 12.45.1

cpe:2.3:a:misskey:misskey:12.45.1
Misskey » Misskey » Version: 12.46.0

cpe:2.3:a:misskey:misskey:12.46.0
Misskey » Misskey » Version: 12.47.0

cpe:2.3:a:misskey:misskey:12.47.0
Misskey » Misskey » Version: 12.47.1

cpe:2.3:a:misskey:misskey:12.47.1
Misskey » Misskey » Version: 12.48.0

cpe:2.3:a:misskey:misskey:12.48.0
Misskey » Misskey » Version: 12.48.1

cpe:2.3:a:misskey:misskey:12.48.1
Misskey » Misskey » Version: 12.48.2

cpe:2.3:a:misskey:misskey:12.48.2
Misskey » Misskey » Version: 12.48.3

cpe:2.3:a:misskey:misskey:12.48.3
Misskey » Misskey » Version: 12.49.0

cpe:2.3:a:misskey:misskey:12.49.0
Misskey » Misskey » Version: 12.49.1

cpe:2.3:a:misskey:misskey:12.49.1
Misskey » Misskey » Version: 12.5.0

cpe:2.3:a:misskey:misskey:12.5.0
Misskey » Misskey » Version: 12.50.0

cpe:2.3:a:misskey:misskey:12.50.0
Misskey » Misskey » Version: 12.51.0

cpe:2.3:a:misskey:misskey:12.51.0
Misskey » Misskey » Version: 12.52.0

cpe:2.3:a:misskey:misskey:12.52.0
Misskey » Misskey » Version: 12.53.0

cpe:2.3:a:misskey:misskey:12.53.0
Misskey » Misskey » Version: 12.54.0

cpe:2.3:a:misskey:misskey:12.54.0
Misskey » Misskey » Version: 12.55.0

cpe:2.3:a:misskey:misskey:12.55.0
Misskey » Misskey » Version: 12.56.0

cpe:2.3:a:misskey:misskey:12.56.0
Misskey » Misskey » Version: 12.57.0

cpe:2.3:a:misskey:misskey:12.57.0
Misskey » Misskey » Version: 12.57.1

cpe:2.3:a:misskey:misskey:12.57.1
Misskey » Misskey » Version: 12.57.4

cpe:2.3:a:misskey:misskey:12.57.4
Misskey » Misskey » Version: 12.58.0

cpe:2.3:a:misskey:misskey:12.58.0
Misskey » Misskey » Version: 12.59.0

cpe:2.3:a:misskey:misskey:12.59.0
Misskey » Misskey » Version: 12.6.0

cpe:2.3:a:misskey:misskey:12.6.0
Misskey » Misskey » Version: 12.60.0

cpe:2.3:a:misskey:misskey:12.60.0
Misskey » Misskey » Version: 12.60.1

cpe:2.3:a:misskey:misskey:12.60.1
Misskey » Misskey » Version: 12.61.0

cpe:2.3:a:misskey:misskey:12.61.0
Misskey » Misskey » Version: 12.61.1

cpe:2.3:a:misskey:misskey:12.61.1
Misskey » Misskey » Version: 12.62.0

cpe:2.3:a:misskey:misskey:12.62.0
Misskey » Misskey » Version: 12.62.1

cpe:2.3:a:misskey:misskey:12.62.1
Misskey » Misskey » Version: 12.62.2

cpe:2.3:a:misskey:misskey:12.62.2
Misskey » Misskey » Version: 12.63.0

cpe:2.3:a:misskey:misskey:12.63.0
Misskey » Misskey » Version: 12.64.0

cpe:2.3:a:misskey:misskey:12.64.0
Misskey » Misskey » Version: 12.64.1

cpe:2.3:a:misskey:misskey:12.64.1
Misskey » Misskey » Version: 12.64.2

cpe:2.3:a:misskey:misskey:12.64.2
Misskey » Misskey » Version: 12.65.0

cpe:2.3:a:misskey:misskey:12.65.0
Misskey » Misskey » Version: 12.65.1

cpe:2.3:a:misskey:misskey:12.65.1
Misskey » Misskey » Version: 12.65.2

cpe:2.3:a:misskey:misskey:12.65.2
Misskey » Misskey » Version: 12.65.3

cpe:2.3:a:misskey:misskey:12.65.3
Misskey » Misskey » Version: 12.65.4

cpe:2.3:a:misskey:misskey:12.65.4
Misskey » Misskey » Version: 12.65.5

cpe:2.3:a:misskey:misskey:12.65.5
Misskey » Misskey » Version: 12.65.6

cpe:2.3:a:misskey:misskey:12.65.6
Misskey » Misskey » Version: 12.65.7

cpe:2.3:a:misskey:misskey:12.65.7
Misskey » Misskey » Version: 12.66.0

cpe:2.3:a:misskey:misskey:12.66.0
Misskey » Misskey » Version: 12.67.0

cpe:2.3:a:misskey:misskey:12.67.0
Misskey » Misskey » Version: 12.67.1

cpe:2.3:a:misskey:misskey:12.67.1
Misskey » Misskey » Version: 12.68.0

cpe:2.3:a:misskey:misskey:12.68.0
Misskey » Misskey » Version: 12.69.0

cpe:2.3:a:misskey:misskey:12.69.0
Misskey » Misskey » Version: 12.7.0

cpe:2.3:a:misskey:misskey:12.7.0
Misskey » Misskey » Version: 12.7.1

cpe:2.3:a:misskey:misskey:12.7.1
Misskey » Misskey » Version: 12.70.0

cpe:2.3:a:misskey:misskey:12.70.0
Misskey » Misskey » Version: 12.71.0

cpe:2.3:a:misskey:misskey:12.71.0
Misskey » Misskey » Version: 12.72.0

cpe:2.3:a:misskey:misskey:12.72.0
Misskey » Misskey » Version: 12.73.0

cpe:2.3:a:misskey:misskey:12.73.0
Misskey » Misskey » Version: 12.74.0

cpe:2.3:a:misskey:misskey:12.74.0
Misskey » Misskey » Version: 12.74.1

cpe:2.3:a:misskey:misskey:12.74.1
Misskey » Misskey » Version: 12.75.0

cpe:2.3:a:misskey:misskey:12.75.0
Misskey » Misskey » Version: 12.75.1

cpe:2.3:a:misskey:misskey:12.75.1
Misskey » Misskey » Version: 12.76.0

cpe:2.3:a:misskey:misskey:12.76.0
Misskey » Misskey » Version: 12.76.1

cpe:2.3:a:misskey:misskey:12.76.1
Misskey » Misskey » Version: 12.77.0

cpe:2.3:a:misskey:misskey:12.77.0
Misskey » Misskey » Version: 12.77.1

cpe:2.3:a:misskey:misskey:12.77.1
Misskey » Misskey » Version: 12.78.0

cpe:2.3:a:misskey:misskey:12.78.0
Misskey » Misskey » Version: 12.79.0

cpe:2.3:a:misskey:misskey:12.79.0
Misskey » Misskey » Version: 12.79.1

cpe:2.3:a:misskey:misskey:12.79.1
Misskey » Misskey » Version: 12.79.2

cpe:2.3:a:misskey:misskey:12.79.2
Misskey » Misskey » Version: 12.79.3

cpe:2.3:a:misskey:misskey:12.79.3
Misskey » Misskey » Version: 12.8.0

cpe:2.3:a:misskey:misskey:12.8.0
Misskey » Misskey » Version: 12.80.0

cpe:2.3:a:misskey:misskey:12.80.0
Misskey » Misskey » Version: 12.80.1

cpe:2.3:a:misskey:misskey:12.80.1
Misskey » Misskey » Version: 12.80.2

cpe:2.3:a:misskey:misskey:12.80.2
Misskey » Misskey » Version: 12.80.3

cpe:2.3:a:misskey:misskey:12.80.3
Misskey » Misskey » Version: 12.81.0

cpe:2.3:a:misskey:misskey:12.81.0
Misskey » Misskey » Version: 12.81.1

cpe:2.3:a:misskey:misskey:12.81.1
Misskey » Misskey » Version: 12.81.2

cpe:2.3:a:misskey:misskey:12.81.2
Misskey » Misskey » Version: 12.82.0

cpe:2.3:a:misskey:misskey:12.82.0
Misskey » Misskey » Version: 12.83.0

cpe:2.3:a:misskey:misskey:12.83.0
Misskey » Misskey » Version: 12.84.0

cpe:2.3:a:misskey:misskey:12.84.0
Misskey » Misskey » Version: 12.84.1

cpe:2.3:a:misskey:misskey:12.84.1
Misskey » Misskey » Version: 12.84.2

cpe:2.3:a:misskey:misskey:12.84.2
Misskey » Misskey » Version: 12.84.3

cpe:2.3:a:misskey:misskey:12.84.3
Misskey » Misskey » Version: 12.85.0

cpe:2.3:a:misskey:misskey:12.85.0
Misskey » Misskey » Version: 12.85.1

cpe:2.3:a:misskey:misskey:12.85.1
Misskey » Misskey » Version: 12.86.0

cpe:2.3:a:misskey:misskey:12.86.0
Misskey » Misskey » Version: 12.87.0

cpe:2.3:a:misskey:misskey:12.87.0
Misskey » Misskey » Version: 12.88.0

cpe:2.3:a:misskey:misskey:12.88.0
Misskey » Misskey » Version: 12.89.0

cpe:2.3:a:misskey:misskey:12.89.0
Misskey » Misskey » Version: 12.89.1

cpe:2.3:a:misskey:misskey:12.89.1
Misskey » Misskey » Version: 12.89.2

cpe:2.3:a:misskey:misskey:12.89.2
Misskey » Misskey » Version: 12.9.0

cpe:2.3:a:misskey:misskey:12.9.0
Misskey » Misskey » Version: 12.90.0

cpe:2.3:a:misskey:misskey:12.90.0
Misskey » Misskey » Version: 12.90.1

cpe:2.3:a:misskey:misskey:12.90.1
Misskey » Misskey » Version: 2023.10.0

cpe:2.3:a:misskey:misskey:2023.10.0
Misskey » Misskey » Version: 2023.10.1

cpe:2.3:a:misskey:misskey:2023.10.1
Misskey » Misskey » Version: 2023.10.2

cpe:2.3:a:misskey:misskey:2023.10.2
Misskey » Misskey » Version: 2023.11.0

cpe:2.3:a:misskey:misskey:2023.11.0
Misskey » Misskey » Version: 2023.11.1

cpe:2.3:a:misskey:misskey:2023.11.1
Misskey » Misskey » Version: 2023.12.0

cpe:2.3:a:misskey:misskey:2023.12.0
Misskey » Misskey » Version: 2023.12.1

cpe:2.3:a:misskey:misskey:2023.12.1
Misskey » Misskey » Version: 2023.12.2

cpe:2.3:a:misskey:misskey:2023.12.2
Misskey » Misskey » Version: 2023.9.0

cpe:2.3:a:misskey:misskey:2023.9.0
Misskey » Misskey » Version: 2023.9.1

cpe:2.3:a:misskey:misskey:2023.9.1
Misskey » Misskey » Version: 2023.9.2

cpe:2.3:a:misskey:misskey:2023.9.2
Misskey » Misskey » Version: 2023.9.3

cpe:2.3:a:misskey:misskey:2023.9.3
Misskey » Misskey » Version: 2024.10.0

cpe:2.3:a:misskey:misskey:2024.10.0
Misskey » Misskey » Version: 2024.10.1

cpe:2.3:a:misskey:misskey:2024.10.1
Misskey » Misskey » Version: 2024.10.2

cpe:2.3:a:misskey:misskey:2024.10.2
Misskey » Misskey » Version: 2024.11.0

cpe:2.3:a:misskey:misskey:2024.11.0
Misskey » Misskey » Version: 2024.11.1

cpe:2.3:a:misskey:misskey:2024.11.1
Misskey » Misskey » Version: 2024.2.0

cpe:2.3:a:misskey:misskey:2024.2.0
Misskey » Misskey » Version: 2024.3.0

cpe:2.3:a:misskey:misskey:2024.3.0
Misskey » Misskey » Version: 2024.3.1

cpe:2.3:a:misskey:misskey:2024.3.1
Misskey » Misskey » Version: 2024.5.0

cpe:2.3:a:misskey:misskey:2024.5.0
Misskey » Misskey » Version: 2024.7.0

cpe:2.3:a:misskey:misskey:2024.7.0
Misskey » Misskey » Version: 2024.8.0

cpe:2.3:a:misskey:misskey:2024.8.0
Misskey » Misskey » Version: 2024.9.0

cpe:2.3:a:misskey:misskey:2024.9.0
Misskey » Misskey » Version: 2025.1.0

cpe:2.3:a:misskey:misskey:2025.1.0
Misskey » Misskey » Version: 2025.2.0

cpe:2.3:a:misskey:misskey:2025.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46340

Products

Pricing

Contact Us