CVE-2025-53546

Name of the Vulnerable Software and Affected Versions: Folo (affected versions not specified)

Description: Folo organizes feeds content into one timeline. The use of pull request target in the .github/workflows/auto-fix-lint-format-commit.yml workflow file can be exploited by attackers to execute untrusted code with full access to repository secrets. This allows for the exfiltration of the GITHUB TOKEN, which possesses high privileges, including content write access, enabling complete control over the repository.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.