CVE-2025-56572
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-56572, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-09-30

Last updated on: 2026-07-05

Assigner: MITRE

Description

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-09-30
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-09-30
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ebradyjobory finance.js 4.1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-56572 is a Denial of Service (DoS) vulnerability in Finance.js version 4.1.0 that affects the seekZero() function. The function lacks limits on iteration, which can cause it to enter an infinite loop, leading to excessive CPU usage and application crashes. This vulnerability can be triggered remotely without any privileges, impacting both browser and Node.js environments. [1]

Impact Analysis

This vulnerability can cause your application using Finance.js to become unresponsive or crash due to high CPU consumption caused by infinite loops in the seekZero() function. This results in a Denial of Service, making the application unavailable to legitimate users and potentially disrupting business operations. [1]

Detection Guidance

This vulnerability can be detected by monitoring for symptoms such as high CPU usage, application stalls, or crashes related to the use of the seekZero() function in finance.js version 4.1.0. Since the issue involves infinite loops or excessive iterations in the seekZero() function, you can detect it by observing processes running finance.js for unusually high CPU consumption. Specific commands to detect this include using system monitoring tools like 'top' or 'htop' on Linux to identify processes with high CPU usage. Additionally, you can instrument or log calls to the seekZero() function in your application to detect excessive iteration or hangs. There are no direct network detection commands since this is a local application-level issue triggered remotely but affecting the application runtime. [1, 2]

Mitigation Strategies

Immediate mitigation steps include updating or patching finance.js to a version that limits iteration depth in the seekZero() function to prevent infinite loops. If an updated version is not available, you can implement a workaround by adding iteration limits or timeouts around calls to seekZero() to avoid excessive CPU usage or application crashes. Additionally, consider restricting or validating inputs that trigger the seekZero() function remotely to prevent exploitation. Monitoring application performance and restarting affected services upon detection of hangs or crashes can also help mitigate impact until a permanent fix is applied. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart