CVE-2025-53546 | THREATINT

Description

Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate GITHUB_TOKEN which has high privileges. GITHUB_TOKEN can be used to completely overtake the repo since the token has content write privileges. This vulnerability is fixed in commit 585c6a591440cd39f92374230ac5d65d7dd23d6a.

PUBLISHED Reserved 2025-07-02 | Published 2025-07-09 | Updated 2025-07-09 | Assigner GitHub_M

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Product status

< 585c6a591440cd39f92374230ac5d65d7dd23d6a

affected

References

github.com/...t/Folo/security/advisories/GHSA-h87r-5w74-qfm4 exploit

github.com/...t/Folo/security/advisories/GHSA-h87r-5w74-qfm4

github.com/...ommit/585c6a591440cd39f92374230ac5d65d7dd23d6a

cve.org (CVE-2025-53546)

nvd.nist.gov (CVE-2025-53546)

Download JSON