CVE-2025-69873
ADVISORY - githubSummary
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.
Common Weakness Enumeration (CWE)
Inefficient Regular Expression Complexity
NIST
CVSS SCORE
2.9lowGitHub
CVSS SCORE
5.5mediumDebian
-
Ubuntu
-
CVSS SCORE
N/AmediumRed Hat
3.9
CVSS SCORE
7.5highChainguard
CGA-pjx7-r22p-cr2c
-
minimos
MINI-2gwc-jxv7-h24v
-
minimos
MINI-448w-f589-rg5h
-
minimos
MINI-4crg-6wjr-x62f
-
minimos
MINI-6622-wmw4-rf96
-
minimos
MINI-6c7m-qxj8-5pcr
-
minimos
MINI-6xr3-26qw-q3mg
-
minimos
MINI-747g-rw5m-wpm5
-
minimos
MINI-7v47-cp6c-6q28
-
minimos
MINI-7vxw-945h-56cg
-
minimos
MINI-c5hp-x8pj-g848
-
minimos
MINI-c7wg-797g-5q9q
-
minimos
MINI-cpjw-97vr-8v5f
-
minimos
MINI-hc68-49vj-v2mr
-
minimos
MINI-jvwf-gm26-627g
-
minimos
MINI-pwgr-46qq-76rh
-
minimos
MINI-qj6g-7h42-xf34
-
minimos
MINI-vqgh-hhrm-4x6p
-