CVE-2025-13158
Unknown Unknown - Not Provided

Prototype Pollution in apidoc-core preProcess() Causes DoS

Vulnerability report for CVE-2025-13158, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-26

Last updated on: 2025-12-26

Assigner: Sonatype

Description

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the β€œdefine” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-26
Last Modified
2025-12-26
Generated
2026-07-06
AI Q&A
2025-12-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apidoc-core apidoc-core 0.2.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a prototype pollution issue in apidoc-core versions 0.2.0 and later. It allows remote attackers to modify JavaScript object prototypes by sending malformed data structures, including the 'define' property. This can affect the preProcess() function in several worker modules, potentially causing denial of service or unexpected behavior in applications that depend on the integrity of prototype chains.

Impact Analysis

The vulnerability can lead to denial of service or unintended behavior in applications that rely on the integrity of JavaScript prototype chains. This means attackers could disrupt normal application operations or cause the application to behave unpredictably.

Mitigation Strategies

To mitigate this vulnerability, immediately update apidoc-core to a version later than 0.2.0 where the issue is fixed. Additionally, review and sanitize any input data structures processed by the application, especially those involving the 'define' property, to prevent prototype pollution. Monitor application behavior for signs of denial of service or unexpected behavior related to prototype chain manipulation. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart