Vulnerability DatabaseCVE-2025-67500

CVE-2025-67500:
NixOS vulnerability analysis and mitigation

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request with a non-English Accept-Language header. Using this behavior, an attacker who knows the identifier of a particular status they are not allowed to see can confirm whether this status exists or not. This cannot be used to learn the contents of the status or any other property besides its existence. This issue is fixed in versions 4.2.28, 4.3.15, 4.4.10 and 4.5.3.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

3.7

Score

Published December 10, 2025

Severity LOW

CNA Score 3.7

Affected Technologies

NixOS
Mastodon

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 17

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

cpe:2.3:a:joinmastodon:mastodon
mastodon

Sources

Nix
- Nix Severity LOWHas FixAdded at: Dec 22, 2025
VulnCheck NVD++
- Linux Severity LOWHas FixAdded at: Dec 11, 2025
NVD
- Linux Severity LOWHas FixAdded at: Dec 22, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related NixOS vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-69264	CRITICAL	9.8	JavaScript	pnpm	No	Yes	Jan 07, 2026
CVE-2025-69263	HIGH	8.8	JavaScript	pnpm	No	Yes	Jan 07, 2026
CVE-2025-69262	HIGH	7.8	JavaScript	pnpm	No	Yes	Jan 07, 2026
CVE-2025-20807	MEDIUM	6.7	NixOS	android	No	No	Jan 06, 2026
CVE-2026-21885	MEDIUM	6.5	NixOS	miniflux	No	Yes	Jan 08, 2026