Primary

Context

Vickey Unexpired Email Confirmation Link Reuse Vulnerability

Vulnerability

A vulnerability in Vickey, a Misskey-based microblogging platform, exists in versions prior to 2025.10.0. The issue allows unexpired email confirmation links to be reused, leading to repeated confirmation emails being sent to a verified email address. This could result in unnecessary email traffic, although it does not compromise user data. The vulnerability was addressed in version 2025.10.0 by enhancing the validation logic to ensure that verification links function correctly after they have been used.

Impact

Exploitation of this vulnerability could cause a verified email address to receive multiple confirmation emails, creating unnecessary email traffic.

Remediation

Users can upgrade to Vickey version 2025.10.0 or later to address this vulnerability.

Added: Oct 13, 2025, 6:18 PM

Updated: Oct 13, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vickey Unexpired Email Confirmation Link Reuse Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating