CVE-2025-61140
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
The value function in jsonpath version 1.1.1 in lib/index.js is vulnerable to Prototype Pollution. An attacker can exploit this flaw to modify object prototypes, potentially leading to unauthorized access or code execution.
Risk Assessment
The risk for the organization includes potential application takeover, data leakage, or privilege escalation through manipulation of JavaScript object prototypes.
Recommendation
It is recommended to immediately update the jsonpath library to the latest available version that fixes this vulnerability. If an update is not possible, apply a temporary workaround such as input validation.
Original NVD description (English source)
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

