CVE Catalog

CVE-2025-61140

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

The value function in jsonpath version 1.1.1 in lib/index.js is vulnerable to Prototype Pollution. An attacker can exploit this flaw to modify object prototypes, potentially leading to unauthorized access or code execution.

Risk Assessment

The risk for the organization includes potential application takeover, data leakage, or privilege escalation through manipulation of JavaScript object prototypes.

Recommendation

It is recommended to immediately update the jsonpath library to the latest available version that fixes this vulnerability. If an update is not possible, apply a temporary workaround such as input validation.

Original NVD description (English source)

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS