The flaw was fixed as of 4.2.5, released yesterday, which all Mastodon server administrators are advised to upgrade to as soon as possible to protect users of their instances. Mastodon promised to share more information on Feb. 15 2024 about CVE-2024-23832 after withholding technical details for the time being to prevent active exploitation of the vulnerability.