CVE-2025-53941

Published: Jul 17, 2025

Modified: Jul 17, 2025

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Vendor	Product	Versions
fedify-dev	hollo	affected `< 0.6.5`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h

x_refsource_CONFIRM

https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410

x_refsource_MISC

https://github.com/fedify-dev/hollo/releases/tag/0.6.5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53941

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References