CVE-2025-64718

ADVISORY - github

Summary

Impact

In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

Patches

Problem is patched in js-yaml 4.1.1 and 3.14.2.

Workarounds

You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).

References

https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html

EPSS Score⁠: 0.00019 (0.041)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - github

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - redhat

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-64718⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

5.3medium

GitHub

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDGHSA-mh29-5h37-fv8m⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

5.3medium

Debian

CREATED

2 months ago

UPDATED

12 days ago

ADVISORY IDCVE-2025-64718⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-64718⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

2 months ago

UPDATED

6 days ago

ADVISORY IDCVE-2025-64718⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1321⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-2gw8-7rqg-gw8r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-2p9v-jvc4-8xq7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-2qv7-7mjf-6qmw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-356v-grqc-f4xw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-3c6r-4ghv-m28h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-598p-7cqw-86f3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-5f7j-2v83-85p9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-7hwv-hjqx-7j42

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-7jj2-7wc7-3hmr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-82rp-46cx-873m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-83wr-xg45-g79x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-8456-788m-9x6m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-8hr3-fm83-v7w8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-9286-xp7f-hqpm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-9q79-rp22-6vqh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-c8pw-7wq5-cv4q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-c96m-f889-7vc3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

30 days ago

UPDATED

30 days ago

ADVISORY ID

CGA-f6p7-c6p7-p6cv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-fm89-ccr4-3f6c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-g7q7-7jv6-g4g8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-hpw3-929h-f755

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-j6vx-8w9h-29w2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-jfhr-7q72-p4j6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-jq76-f948-q8rw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-m8q5-hgg3-7vj7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

CGA-mfcv-6pv8-6v39

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-mxm9-hxqf-pr7j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-mxwc-5wc4-g7gh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-ph77-h297-cjr7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-prcr-hj45-x4jp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-q9xc-89g3-cm2h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-vm9v-229q-27rh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-x6wh-jhch-gcj7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-x77q-p25m-4x2p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-xcp6-3g7h-pmpx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-4w3g-4w2v-9524

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-5v8w-pgcp-2wq4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-5w96-f692-8x63

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-6v2c-wfc7-5vg2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-8jwx-793q-2wmj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-cfgf-wxx6-7gf5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-chr3-jmjh-fvmf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-gcw7-2c9r-9gww

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-hr46-j729-h59x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-j8q6-vwm3-qvqm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-mp2j-7j26-62fq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-q9qj-46c9-4grw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-x2g7-j7f6-5rx9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-x3vh-jxvc-chv9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-x3vj-cmxh-ggc5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-x9ww-qh25-h7g3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-xwm2-xhhw-2w6h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY