CVE-2025-53546 | RSSNext Folo auto-fix-lint-format-commit.yml pull_request_target inclusion of functionality from untrusted control sphere

Inserito da Angelo Barbosa | Lug 9, 2025 | CVE

A vulnerability was found in RSSNext Folo and classified as critical. Affected by this issue is the function pull_request_target of the file github/workflows/auto-fix-lint-format-commit.yml. The manipulation leads to inclusion of functionality from untrusted control sphere.

This vulnerability is handled as CVE-2025-53546. The attack may be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-53546 | RSSNext Folo auto-fix-lint-format-commit.yml pull_request_target inclusion of functionality from untrusted control sphere

Post correlati

CVE-2024-1771 | Total Plugin up to 2.1.59 on WordPress Sections Update authorization

CVE-2024-7112 | Pinpoint Booking System Plugin up to 2.9.9.5.0 on WordPress sql injection

CVE-2024-4295 | Icegram Express Email Subscribers Plugin up to 5.7.20 on WordPress hash sql injection

CVE-2024-7498 | itsourcecode Airline Reservation System 1.0 Admin Login Page /admin/login.php login/login2 username sql injection