CVE-2025-57352
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raynos | min-document | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the 'min-document' package before version 2.19.0. It is caused by improper handling of namespace operations in the removeAttributeNS method. Specifically, when processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects. This manipulation can lead to denial of service or arbitrary code execution due to insufficient validation of attribute namespace removal operations.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to cause denial of service or execute arbitrary code by manipulating the prototype chain of JavaScript objects. This can compromise the security and stability of applications using the affected 'min-document' package, potentially leading to system crashes or unauthorized actions.