CVE-2025-57327

High CVSS: 7.5

spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Vendor

Spmjs

Product

Spmrc

CWE

CWE-1321

Yayın Tarihi

2025-09-24 20:15:32

Güncelleme

2025-10-20 16:50:36

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1321 Spmrc HIGH Spmjs 2025

Referanslar

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/spmrc%401.2.0/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57327