CVE-2025-23221

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 20, 2025

CWE ID 835

CWE ID 918

Summary

CVE-2025-23221 is a vulnerability affecting the Fedidy library used for building federated server apps. This issue enables an attacker to manipulate the Webfinger mechanism, triggering unauthorized GET requests to internal resources on any server, regardless of existing security measures. This can result in a Denial of Service attack through an infinite loop. Additionally, this vulnerability can be exploited for Blind Server-Side Request Forgery (SSRF) attacks. The affected versions include 1.0.x, 1.1.x, 1.2.x, and 1.3.x, and the vulnerability has been addressed in the releases 1.0.14, 1.1.11, 1.2.11, and 1.3.4.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2cH4rF
https://www.cve.org/CVERecord?id=CVE-2025-23221
https://nvd.nist.gov/vuln/detail/CVE-2025-23221

Back to Vulnerability Database

CVE-2025-23221

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations