CVE-2025-23221
CVSS 3.1 Score: 5.4 of 10 (medium)
Scope: changed
Attack Complexity: high
Confidentiality: low
Availability: low
Integrity: none
Privileges Required: none
Details
Published: Jan 20, 2025
CWE ID: 835 (Loop with Unreachable Exit Condition, "Infinite Loop")
CWE ID: 918 (Server-Side Request Forgery, SSRF)
Summary
CVE-2025-23221 is a vulnerability in Fedify, a TypeScript library for building federated server apps. A malicious user can manipulate the WebFinger mechanism so that the library performs unintended GET requests to internal resources at any host, port and URL combination, bypassing security measures. This can cause a Denial of Service through infinite loops, and it can also be exploited for Blind SSRF attacks. The vulnerability is fixed in versions 1.0.14, 1.1.11, 1.2.11, and 1.3.4.
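As an added illustration of the mitigation class (example code, not Fedify's own fix), the following TypeScript shows a WebFinger lookup that refuses internal hosts and caps redirect hops, the two failure modes the advisory describes. The injectable fetchImpl shape, the hop limit and the blocked address ranges are assumptions for the example.

```typescript
// Added example, not Fedify's code: a WebFinger lookup that refuses internal
// hosts and caps redirect hops, the two failure modes behind CVE-2025-23221.

// Returns true for literal addresses a federated server must never be steered into.
// Hostnames that merely resolve to such addresses are out of scope here (see note).
export function isInternalHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
      (a === 100 && b >= 64 && b <= 127); // RFC 1918, loopback, link-local, CGNAT
  }
  if (h.includes(":")) { // IPv6 literal
    if (h.startsWith("::ffff:")) { // IPv4-mapped: judge the embedded IPv4 address
      const mapped = h.slice(7);
      return /^\d+\.\d+\.\d+\.\d+$/.test(mapped) ? isInternalHost(mapped) : true;
    }
    return h === "::1" || h === "::" || h.startsWith("fe80:") ||
      h.startsWith("fc") || h.startsWith("fd"); // loopback, unspecified, link-local, ULA
  }
  return false;
}

// Minimal fetch shape (assumed) so the resolver can be exercised with a fake transport.
export type FetchLike = (url: string) =>
  Promise<{ status: number; headers: { get(name: string): string | null } }>;

// Follows redirects by hand, validating every hop and giving up after maxHops.
export async function fetchWebfinger(
  startUrl: string, fetchImpl: FetchLike, maxHops = 5,
): Promise<string> {
  let url = startUrl;
  for (let hop = 0; hop <= maxHops; hop++) {
    const parsed = new URL(url);
    if (parsed.protocol !== "https:") throw new Error(`refusing non-HTTPS URL: ${url}`);
    if (isInternalHost(parsed.hostname)) throw new Error(`refusing internal host: ${parsed.hostname}`);
    const res = await fetchImpl(url);
    if (res.status < 300 || res.status >= 400) return url; // final, validated URL
    const location = res.headers.get("location");
    if (!location) throw new Error("redirect without Location header");
    url = new URL(location, url).toString(); // relative redirects resolve against the current URL
  }
  throw new Error(`WebFinger lookup exceeded ${maxHops} redirects`);
}
```

Checking literal addresses does not cover a public hostname whose DNS answer points inside the network; a production resolver should also validate the resolved addresses and pin them for the connection, and put a timeout on every hop.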