CVE-2025-55164
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-20
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | xf_x2000r_firmware | 2.0.0-b20230727.10434 |
| adobe | acrobat_reader | 25.1.20623 |
| totolink | xf_x2000r_firmware | 1.0.0-b20230221.0948.web |
| microsoft | office | 16.0.19214.20000 |
| totolink | xf_x2000r_firmware | 1.0.0-b20221212.1452 |
| adobe | acrobat_reader | 2025.1.20577 |
| totolink | xf_x2000r_firmware | 1.0.0-b20231213.1013 |
| totolink | xf_x2000r_firmware | 1.0.0-b20230726.1108 |
| helmetjs | content-security-policy-parser | 0.6.0 |
| microsoft | office | 16.0.10417.20042 |
| mozilla | firefox | 141.0.3.0 |
| helmetjs | content-security-policy-parser | 0.5.0 |
| totolink | xf_x2000r_firmware | 1.0.0-b20230221.0948 |
| chrome | 141.0.7362.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55164 is a prototype pollution vulnerability in the content-security-policy-parser library versions 0.5.0 and earlier. It occurs when a Content Security Policy (CSP) directive named "__proto__" is parsed, allowing an attacker to override the JavaScript Object prototype. This can lead to unexpected behavior such as denial of service or potentially remote code execution when combined with other vulnerable libraries. The vulnerability arises because the parser does not properly validate or restrict modifications to the Object prototype, enabling malicious input to alter prototype attributes. The issue has been fixed in version 0.6.0 by changing the internal data structure from an object to a Map, preventing prototype pollution. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to override the JavaScript Object prototype via specially crafted CSP directives containing "__proto__". This can cause unexpected behavior in applications, including denial of service or potentially remote code execution when combined with other vulnerable libraries. The attack requires no privileges or user interaction and can be exploited remotely over the network, making it highly critical. If exploited, it can compromise the integrity and availability of your system or application. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if your system uses the content-security-policy-parser package version 0.5.0 or earlier. Additionally, you can inspect Content Security Policy strings for the presence of the '__proto__' directive, which indicates potential prototype pollution attempts. For example, searching logs or CSP headers for '__proto__' can help identify exploitation attempts. There are no specific commands provided in the resources, but you might use commands like `grep '__proto__'` on logs or network captures to find suspicious CSP strings. Also, verifying the installed package version with `npm list content-security-policy-parser` can help detect vulnerable versions. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the content-security-policy-parser package to version 0.6.0 or later, where the vulnerability is patched. As a workaround, you can run Node.js with the `--disable-proto=delete` (recommended) or `--disable-proto=throw` flag, which removes the `Object.prototype.__proto__` accessor or makes any access to it throw, so a `__proto__` directive can no longer reach the prototype. Additionally, you can implement input validation by whitelisting valid CSP directives and blocking or filtering out '__proto__' and 'prototype' as policy names. Using safer object creation patterns like `Object.create(null)`, or relying on the patched version that uses a Map instead of a plain object, also helps prevent exploitation. [1, 2, 3]
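As an added example that is not the library's own code, the following shows a simplified parser in the plain-object shape the Q&A describes, beside the Map-based shape the 0.6.0 fix moved to with a directive-name check, plus a small helper for scanning CSP header values for the directive names mentioned above. The parser shapes and all function names are assumptions for illustration.

```javascript
// Added example, not the content-security-policy-parser code: a simplified
// plain-object parser that shows why a "__proto__" directive is dangerous,
// a hardened Map-based parser with a directive-name check, and a detector
// for CSP header values pulled from logs.

// Simplified model of a parser that keys directives on a plain object.
function parseCspUnsafe(policy) {
  const result = {};
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    // A "__proto__" key hits the Object.prototype.__proto__ setter instead
    // of creating an own property, so the directive silently rewires the
    // result object's prototype chain rather than being stored.
    result[name.toLowerCase()] = values;
  }
  return result;
}

// Names CSP never defines as directives but which plain objects mishandle.
const FORBIDDEN_NAMES = new Set(["__proto__", "prototype", "constructor"]);

// Hardened form, in the spirit of the 0.6.0 fix: Map keys have no prototype
// semantics, and the dangerous names are rejected outright.
function parseCspSafe(policy) {
  const result = new Map();
  for (const part of policy.split(";")) {
    const [rawName, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (!rawName) continue;
    const name = rawName.toLowerCase();
    if (FORBIDDEN_NAMES.has(name)) {
      throw new Error(`rejected unsafe CSP directive name: ${name}`);
    }
    result.set(name, values);
  }
  return result;
}

// Detection helper: return the directive names in a policy string that look
// like prototype-pollution probes (case-insensitive), e.g. for log review.
function findSuspiciousDirectives(policy) {
  return policy
    .split(";")
    .map((part) => part.trim().split(/\s+/)[0].toLowerCase())
    .filter((name) => FORBIDDEN_NAMES.has(name));
}
```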