Liked by

@fedify@hollo.social

🚨 Security Advisory: CVE-2025-68475

A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify's HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses.


CVE ID	CVE-2025-68475
Severity	High (CVSS 7.5)
Affected versions	≤1.9.1
Patched versions	1.6.13, 1.7.14, 1.8.15, 1.9.2

If you're running Fedify in production, please upgrade to one of the patched versions immediately.

For full details, see the security advisory: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93

Thank you to Yue (Knox) Liu for responsibly reporting this vulnerability.

#Fedify #ActivityPub #security #fediverse #fedidev

github.com

ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Servic...

7 likes

Ikkle Gemz Universe+
@ikklegemzuniverseplus@ohai.social
Additional account of @IkkleGemzUniverse.
I boost a lot on this account but not on my main one.
chiasm
@chiasm@mastodon.online
scientist, academic, science fiction reader
Anime watcher
Learning Japanese (::fingers crossed::)
Isaac
@isaac@hachyderm.io
#UX designer who thinks about technology and privacy. he/him. Married, father.
Languages: English, ASL (I'm hard of hearing), Spanish. Speaking a little or learning: LESHO, German, and Russian.
shadowwwind
@shadowwwind@fosstodon.org
Fighting for privacy and climate
Reviews:
"Wenn man das Alter nach Gedächnis beurteilen würde, wärst du so alt wie Scholz" @kxkx_uwu
James
@nonzerosumjames.bsky.social@bsky.brid.gy
Join a bleeding-heart liberal and compulsive speculator rambling about saving the world with win-win games at nonzerosum.games!

🌉 bridged from 🦋 nonzerosumjames.bsky.social, follow @bsky.brid.gy to interact
Chris Hayes
@chris@nutmeg.social
👨‍💻 I make websites—shops, 3D, brands, museums
🏠 #Connecticut, USA
I post about #WebDev, #Design, and #Privacy.
I boost a lot of #Nature, #Tech, #Art, #Space and #USPol.
Photos are my own unless noted otherwise.
julian
@julian@activitypub.space
Co-Founder (NodeBB) | Husband 🤷‍♂️ and Dad 🙉 to three | Rock Climber 🧗‍♂️ | Foodie 🥙 | Conductor 🎵 | Saxophonist 🎷

✅ Small teams craft better code.
🇨🇦 Made in Canada
🗨️ Federating NodeBB with funding from NLNet ♥️🇪🇺