Sign In

CVE-2025-12758

ADVISORY - github

Summary

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.

EPSS Score: 0.0005 (0.156)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-172

Encoding Error

CWE-792

Incomplete Filtering of One or More Instances of Special Elements

ADVISORY - github

CWE-792

Incomplete Filtering of One or More Instances of Special Elements

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-12758
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-172CWE-792

CVSS SCORE

7.7high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-vghf-hv5q-vc2g
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-792

CVSS SCORE

7.7high

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-3p76-j7rg-784v

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-pcrv-g453-93gf

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-v2w6-mv2c-293q

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-jv5q-pv59-w2fc

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY