🚨 Security Advisory: CVE-2025-68475
A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify's HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses.
| CVE ID | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Affected versions | ≤1.9.1 |
| Patched versions | 1.6.13, 1.7.14, 1.8.15, 1.9.2 |
If you're running Fedify in production, please upgrade to one of the patched versions immediately.
For full details, see the security advisory: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
Thank you to Yue (Knox) Liu for responsibly reporting this vulnerability.
