216.73.216.133

CVE-2025-12758

· Published 27/11/2025 05:16 · Modified 03/12/2025 17:15

Labels: CVE-2025-12758 2025-11-27CVE-2025-12758CWE-172CWE-792[email protected]

Essential information

Published
27/11/2025 05:16
Modified
03/12/2025 17:15
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References