Resource exhaustion in Whimsies-yat Vickey
CVE-2025-61775
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email ad…
EPSS: 0.003 (22.5th percentile) — read the EPSS interpretation.
Affected products
- Whimsies-yat Vickey — versions < 2025.10.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2025-61775?
- CVE-2025-61775 is a vulnerability in Whimsies-yat Vickey, classified under Insufficient Session Expiration. Published 2025-10-13.
- Is CVE-2025-61775 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.