CVE-2025-56571
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-30
Last updated on: 2025-10-08
Assigner: MITRE
Description
Description
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ebradyjobory | finance.js | 4.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-834 | The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Finance.js version 4.1.0 has a Denial of Service (DoS) vulnerability in its IRR function related to the depth parameter. The function improperly handles recursion or iteration limits, which can cause excessive CPU usage and lead to application stalls or crashes.
How can this vulnerability impact me? :
This vulnerability can cause your application to consume excessive CPU resources, potentially leading to application stalls or crashes, resulting in denial of service and disruption of normal operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70