5 matches found
Authentication Bypass
Fedify is vulnerable to authentication bypass. The vulnerability is due to processing forged activities before verifying that the signing key belongs to the claimed actor, which allows an attacker to impersonate any ActivityPub actor across all Fedify instances...
CVE-2025-54888
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...
Improper Authentication
Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Improper Authentication via the handleInboxInternal function in the federation/handler.ts file. An attacker can impersonate any actor across all instances by sending forged activities...
CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...
CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...