Medium severity6.1OSV Advisory· Published Jul 17, 2025· Updated Apr 15, 2026

CVE-2025-53941

Description

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Affected products

Fedify Dev/HolloOSV
Range: 0.1.0, 0.2.0, 0.3.0, …

Patches

bf7773659979

https://github.com/fedify-dev/hollovia osv

f9d25e10ba54

https://github.com/fedify-dev/hollovia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410nvd
github.com/fedify-dev/hollo/releases/tag/0.6.5nvd
github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8hnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000