CVE-2025-5889

ADVISORY - github

Summary

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.

EPSS Score⁠: 0.00052 (0.162)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

21 days ago

UPDATED

18 days ago

ADVISORY IDCVE-2025-5889⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1333⁠CWE-400⁠

CVSS SCORE

2.3low

GitHub

CREATED

21 days ago

UPDATED

19 days ago

ADVISORY IDGHSA-v6h2-p8h4-qcjw⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

1.3low

Debian

CREATED

19 days ago

UPDATED

13 days ago

ADVISORY IDCVE-2025-5889⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

CGA-5489-g42r-jj95

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-68hq-38fr-mv52

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-8h46-f3f6-h2fw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

CGA-8v3m-9726-pcqj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-97v4-c273-mcxp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-9w98-92pm-h3wg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-gv96-6r2r-64g7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-gwp3-55v6-p25f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

CGA-hhqq-8pw8-gwx5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-hvx5-j33w-wf72

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-jq8h-hpf9-qxxv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-jv3c-567r-7fr7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-m5h5-p9f5-mqj5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

CGA-mvmv-c4pf-vgpr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-mwvc-f6xj-32qg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

CGA-p2f9-h939-jv5f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-r3qr-9hf3-wf37

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-vr9h-m8qm-5mj9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY ID

CGA-x49c-f2g9-2gqg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

CGA-x9mj-gpvv-mx29

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-xc8g-m7h6-2rp6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

CGA-xmhx-7mp3-8m9g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

CGA-xqvv-5w52-gqqq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2025-5889

Summary

Common Weakness Enumeration (CWE)

CWE-1333⁠

CWE-400⁠

CWE-400⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Debian

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard