XSS in Fedify-dev Hollo

CVE-2025-53941

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes t…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (13.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-53941?
CVE-2025-53941 is a medium-severity vulnerability in Fedify-dev Hollo, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2025-07-17.
How severe is CVE-2025-53941?
Medium severity. CVSS v3 base score is 6.1 out of 10.