CVE-2025-60538

Description

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.

PUBLISHED Reserved 2025-09-26 | Published 2026-01-09 | Updated 2026-01-09 | Assigner mitre

References

github.com/go-shiori/shiori

github.com/go-shiori/shiori/issues/1138

cve.org (CVE-2025-60538)

nvd.nist.gov (CVE-2025-60538)

Download JSON