CVE-2025-13158
Unknown Unknown - Not Provided
Prototype Pollution in apidoc-core preProcess() Causes DoS

Publication date: 2025-12-26

Last updated on: 2025-12-26

Assigner: Sonatype

Description
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the β€œdefine” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-26
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13158
EUVD
EUVD-2025-205451
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apidoc-core apidoc-core 0.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a prototype pollution issue in apidoc-core versions 0.2.0 and later. It allows remote attackers to modify JavaScript object prototypes by sending malformed data structures, including the 'define' property. This can affect the preProcess() function in several worker modules, potentially causing denial of service or unexpected behavior in applications that depend on the integrity of prototype chains.

Impact Analysis

The vulnerability can lead to denial of service or unintended behavior in applications that rely on the integrity of JavaScript prototype chains. This means attackers could disrupt normal application operations or cause the application to behave unpredictably.

Mitigation Strategies

To mitigate this vulnerability, immediately update apidoc-core to a version later than 0.2.0 where the issue is fixed. Additionally, review and sanitize any input data structures processed by the application, especially those involving the 'define' property, to prevent prototype pollution. Monitor application behavior for signs of denial of service or unexpected behavior related to prototype chain manipulation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart