CVE-2025-60538 — Vulnetix

CVE-2025-60538 PUBLISHED CVSS 6.5 MEDIUM

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.

EPSS 0.03% · 7.6th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score

0.03%

7.6th percentile

Affected Products

Vendor	Product	Versions
github.com	go-shiori/shiori	0
n/a	n/a	n/a
go-shiori	shiori	0

Timeline

Jan 9, 2026 CVE Published
Jan 10, 2026 EPSS Score
Jan 13, 2026 CVE Updated
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 4, 2026 EPSS Score
Feb 7, 2026 EPSS Score

References

https://github.com/go-shiori/shiori package
https://github.com/go-shiori/shiori/issues/1138 url
https://nvd.nist.gov/vuln/detail/CVE-2025-60538 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›