Vulnerability in Immich-app Immich
CVE-2025-43856
Immich is a high-performance self-hosted photo and video management solution. Prior to 1.132.0, Immich is vulnerable to account hijacking through OAuth2 because the state parameter is not checked. The OAuth2 state parameter is simil…
EPSS: 0.002 (46.7th percentile)
Affected products
- Immich-app Immich — versions < 1.132.0
Weakness classification (CWE)
References
- https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm (x_refsource_CONFIRM)