CVE-2025-58353
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: GitHub, Inc.

Description
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The β€œsanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58353
EUVD
EUVD-2025-26866
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mathharo promptcraft-sanitize *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58353 is a high-severity Cross-Site Scripting (XSS) vulnerability in the npm package @mathharo/promptcraft-sanitize used by Promptcraft Forge Studio. The vulnerability occurs because the package uses regex blacklists to sanitize user input by removing dangerous tokens like 'javascript:' only once. Due to overlapping multi-character tokens, this single-pass replacement can leave executable payloads intact. For example, strings containing repeated or overlapping dangerous tokens are not fully sanitized, allowing malicious scripts to remain. When these unsafely sanitized values are used in HTML attributes like href or src, or injected into the DOM, they can execute arbitrary JavaScript within the application's origin, potentially leading to unauthorized actions or token theft. [1]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript code within the context of the affected application. This can lead to theft of sensitive information such as authentication tokens, unauthorized actions performed on behalf of the user, and other malicious behaviors. Exploitation typically requires user interaction, such as clicking a crafted link. The impact includes high confidentiality loss, low integrity impact, and no availability impact. [1]

Detection Guidance

This vulnerability can be detected by inspecting the usage of the vulnerable npm package @mathharo/promptcraft-sanitize in your application, especially looking for improper input sanitization in the file src/utils/validation.ts. You can search your codebase for usage of regex-based blacklists that remove dangerous tokens only once, and check if sanitized values are used in HTML attributes like href or src, or injected into the DOM via innerHTML or dangerouslySetInnerHTML. Commands to help detect this include: 1) Searching for the vulnerable package: `npm ls @mathharo/promptcraft-sanitize` 2) Searching for usage of dangerouslySetInnerHTML or innerHTML: `grep -r 'dangerouslySetInnerHTML' ./` and `grep -r 'innerHTML' ./` 3) Searching for regex replacements related to javascript:, on\w+\s*=, or data:text/html: `grep -rE 'replace\(/javascript:/|on\w+\s*=|data:text/html' ./` 4) Testing inputs with overlapping dangerous tokens like "javajavascript:script:" or "dadata:text/htmlta:text/html" to see if they are sanitized properly. These steps help identify if the vulnerable sanitization logic is present and exploitable. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Replace the fragile regex-based sanitization with well-tested sanitizers such as DOMPurify (for browser environments) or sanitize-html (for Node.js). 2) If regex must be used, apply replacements repeatedly until the input string stabilizes to fully remove overlapping dangerous tokens. 3) Avoid passing untrusted input to dangerouslySetInnerHTML or innerHTML. 4) Prefer whitelisting safe URLs for href and src attributes instead of relying on blacklists. Since there is currently no fix available for the vulnerable package, these mitigations reduce the risk of exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58353. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart