CVE-2025-57352

ADVISORY - github

Summary

A vulnerability exists in the 'min-document' package prior to version 2.19.1, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the proto property, an attacker can manipulate the prototype chain of JavaScript objects, leading to denial of service or arbitrary code execution. This issue arises from insufficient validation of attribute namespace removal operations, allowing unintended modification of critical object prototypes. The vulnerability is addressed in version 2.19.1.

EPSS Score⁠: 0.00121 (0.315)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-57352⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

5.3medium

GitHub

CREATED

4 months ago

UPDATED

3 months ago

ADVISORY IDGHSA-rx8g-88g5-qh64⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

2.9low

Debian

CREATED

4 months ago

UPDATED

6 days ago

ADVISORY IDCVE-2025-57352⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

4 months ago

UPDATED

12 days ago

ADVISORY IDCVE-2025-57352⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

4 months ago

UPDATED

23 days ago

ADVISORY IDCVE-2025-57352⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

21 days ago

UPDATED

21 days ago

ADVISORY ID

CGA-xhpp-fvwf-prff

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2025-57352

Summary

Common Weakness Enumeration (CWE)

CWE-1321⁠

CWE-1321⁠

CWE-1321⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

Red Hat

CVSS SCORE

Chainguard