XSS in Fedify-dev Hollo
CVE-2025-53941
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes t…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (13.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Fedify-dev Hollo — versions < 0.6.5
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-53941?
- CVE-2025-53941 is a medium-severity vulnerability in Fedify-dev Hollo, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2025-07-17.
- How severe is CVE-2025-53941?
- Medium severity. CVSS v3 base score is 6.1 out of 10.