CVE-2025-11362 | THREATINT

Description

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

PUBLISHED Reserved 2025-10-06 | Published 2025-10-07 | Updated 2025-10-09 | Assigner snyk

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Allocation of Resources Without Limits or Throttling

Credits

Ryusei Ishikawa

References

security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297

github.com/...ommit/741169634bf07730e010cd77477b6cc038e846ed

cve.org (CVE-2025-11362)

nvd.nist.gov (CVE-2025-11362)

Download JSON