CVE-2025-13158

216.73.216.6

· Published 26/12/2025 16:15 · Modified 26/12/2025 16:15

Labels: CVE-2025-13158 103e4ec9-0a87-450b-af77-479448ddef11 2025-12-26 CVE-2025-13158 CWE-1321

Essential information

Published: 26/12/2025 16:15
Modified: 26/12/2025 16:15
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 103e4ec9-0a87-450b-af77-479448ddef11
NVD: View on NVD

Affected products (CPE)

Product	CPE
apidoc / apidoc-core	`cpe:2.3:a:apidoc:apidoc-core:0.2.0-::::::*`