CVE-2025-53546

CRITICAL

Folo - Code Injection

Title source: llm

Description

Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate GITHUB_TOKEN which has high privileges. GITHUB_TOKEN can be used to completely overtake the repo since the token has content write privileges. This vulnerability is fixed in commit 585c6a591440cd39f92374230ac5d65d7dd23d6a.

References (2)

[Vendor Advisory] https://github.com/RSSNext/Folo/security/advisories/GHSA-h87r-5w74-qfm4

[Patch] https://github.com/RSSNext/Folo/commit/585c6a591440cd39f92374230ac5d65d7dd23d6a

View Patch ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0008

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-829

Status published

Products (1)

RSSNext/Folo < 585c6a591440cd39f92374230ac5d65d7dd23d6a

Published Jul 09, 2025

Tracked Since Feb 18, 2026