CVE-2025-54803
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-10-09
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sunnyadn | js-toml | < 1.0.2 (1.0.2 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54803 is a prototype pollution vulnerability in the js-toml JavaScript TOML parser library versions below 1.0.2. It allows a remote attacker to craft malicious TOML input that modifies or adds properties to the global Object.prototype. This happens because the parser does not safely handle special keys like '__proto__', enabling attackers to manipulate the prototype chain of JavaScript objects. This can lead to security issues such as authentication bypass and other unexpected behaviors in applications using the vulnerable library. The vulnerability is fixed in version 1.0.2 by using prototype-less objects to store parsed data, preventing prototype pollution. [1, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to escalate privileges or bypass authentication in your application. For example, by polluting Object.prototype, an attacker can inject properties like 'isAdmin' that affect all objects, causing unauthorized users to gain admin rights. It can also lead to denial of service or potentially remote code execution depending on how the application uses the parsed TOML data. Any application using a vulnerable version of js-toml to parse untrusted TOML input is at risk. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing whether parsing malicious TOML input containing keys like '__proto__' modifies the global Object.prototype. A practical detection method is to run a script that uses the vulnerable js-toml version to parse a TOML payload such as '[__proto__]\nisAdmin = true' and then check whether a newly created, unrelated object inherits the 'isAdmin' property. For example, using Node.js, you can run a script similar to the proof-of-concept that parses this payload and checks if an ordinary object gains the 'isAdmin' property. There are no network-level commands for this; detection means running such a test script locally or in a controlled environment and checking whether the global prototype was changed. [2]
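As an added example (not code from the advisory or from js-toml), the check described above written as a small Node.js script around two constructed stand-in parsers: one that stores TOML tables in plain objects and one that stores them in prototype-less objects, as the 1.0.2 fix does. The parsers, the helper names (`parseWith`, `parseNaive`, `parseSafe`, `isPolluted`, `TEST_DOC`) and the sample document are assumptions for illustration; they cover only table headers and simple key/value lines, not the TOML grammar.

```javascript
// Constructed example: a pollution check around two stand-in parsers. Neither is
// js-toml; they read only "[table]" headers and "key = value" lines.
function parseValue(v) {
  if (v === 'true') return true;
  if (v === 'false') return false;
  if (/^".*"$/.test(v)) return v.slice(1, -1);
  return Number(v);
}

// Parse `src`, creating every table object with `makeTable`.
function parseWith(src, makeTable) {
  const root = makeTable();
  let cur = root;
  for (const raw of src.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const hdr = line.match(/^\[(.+)\]$/);
    if (hdr) {
      // On a plain object, root['__proto__'] is the inherited accessor, so the
      // table "[__proto__]" resolves to Object.prototype and later keys are
      // written onto the global prototype. On a prototype-less object (the fix
      // described above) '__proto__' is just an ordinary own key.
      cur = root[hdr[1]] = root[hdr[1]] || makeTable();
      continue;
    }
    const kv = line.match(/^([\w-]+)\s*=\s*(.+)$/);
    if (kv) cur[kv[1]] = parseValue(kv[2]);
  }
  return root;
}

const parseNaive = (src) => parseWith(src, () => ({}));               // vulnerable pattern
const parseSafe = (src) => parseWith(src, () => Object.create(null)); // fixed pattern

// The advisory's test document, plus a benign table to show normal parsing.
const TEST_DOC = '[server]\nport = 8080\n\n[__proto__]\nisAdmin = true\n';

// Returns true when parsing `doc` makes a fresh, unrelated object inherit
// `marker`. Always removes the property afterwards so the runtime is restored.
function isPolluted(parse, doc, marker = 'isAdmin') {
  try {
    parse(doc);
    return marker in {};
  } finally {
    delete Object.prototype[marker];
  }
}

console.log('plain objects polluted:', isPolluted(parseNaive, TEST_DOC));  // true
console.log('null-prototype polluted:', isPolluted(parseSafe, TEST_DOC)); // false
```

To test a real installation, replace the stand-in parser in `isPolluted` with the library's own parse function and treat a `true` result as a vulnerable version.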
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the js-toml package to version 1.0.2 or later, where the vulnerability is fixed by using prototype-less objects to store parsed data. If upgrading is not possible, ensure that all TOML inputs are fully trusted and validated to exclude malicious keys such as '__proto__' to prevent prototype pollution. Avoid parsing untrusted TOML data with vulnerable versions of js-toml. [3, 1]