CVE-2025-56572
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-30

Last updated on: 2025-10-08

Assigner: MITRE

Description
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-30
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-09-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-56572
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ebradyjobory finance.js 4.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-56572 is a Denial of Service (DoS) vulnerability in Finance.js version 4.1.0 that affects the seekZero() function. The function lacks limits on iteration, which can cause it to enter an infinite loop, leading to excessive CPU usage and application crashes. This vulnerability can be triggered remotely without any privileges, impacting both browser and Node.js environments. [1]

Impact Analysis

This vulnerability can cause your application using Finance.js to become unresponsive or crash due to high CPU consumption caused by infinite loops in the seekZero() function. This results in a Denial of Service, making the application unavailable to legitimate users and potentially disrupting business operations. [1]

Detection Guidance

This vulnerability can be detected by monitoring for symptoms such as high CPU usage, application stalls, or crashes related to the use of the seekZero() function in finance.js version 4.1.0. Since the issue involves infinite loops or excessive iterations in the seekZero() function, you can detect it by observing processes running finance.js for unusually high CPU consumption. Specific commands to detect this include using system monitoring tools like 'top' or 'htop' on Linux to identify processes with high CPU usage. Additionally, you can instrument or log calls to the seekZero() function in your application to detect excessive iteration or hangs. There are no direct network detection commands since this is a local application-level issue triggered remotely but affecting the application runtime. [1, 2]

Mitigation Strategies

Immediate mitigation steps include updating or patching finance.js to a version that limits iteration depth in the seekZero() function to prevent infinite loops. If an updated version is not available, you can implement a workaround by adding iteration limits or timeouts around calls to seekZero() to avoid excessive CPU usage or application crashes. Additionally, consider restricting or validating inputs that trigger the seekZero() function remotely to prevent exploitation. Monitoring application performance and restarting affected services upon detection of hangs or crashes can also help mitigate impact until a permanent fix is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart