PUBLISHED

CVE-2025-54803

js-toml is vulnerable to Prototype Pollution



Description

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed in version 1.0.2.

Reserved 2025-07-29 | Published 2025-08-05 | Updated 2025-08-05 | Assigner GitHub_M


HIGH: 7.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

< 1.0.2: affected
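
To check whether a project still resolves a js-toml release below 1.0.2, including nested transitive copies, the following added example (not from the advisory or the js-toml project) scans the `packages` map of a package-lock.json. It assumes lockfileVersion 2 or 3; the sample lockfile and the helper names `parseVersion`, `isAffected` and `findAffected` are constructed for illustration.

```javascript
// Added example: flag js-toml installs older than the fixed release (1.0.2).
const FIXED = "1.0.2";
const PACKAGE = "js-toml";

// Parse "1.0.1" or "1.0.2-beta.1" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const [core, pre] = String(v).split("+")[0].split("-", 2);
  const nums = core.split(".").map((n) => Number.parseInt(n, 10));
  if (nums.length !== 3 || nums.some(Number.isNaN)) return null;
  return { nums, pre: pre !== undefined };
}

// True when version < fixed under semver ordering. A prerelease of the fixed
// version sorts before it, so it is treated as affected.
function isAffected(version, fixed = FIXED) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return true; // unparseable: fail closed and report it
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every affected install path of js-toml, nested copies included.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    const name = path.split("node_modules/").pop();
    if (name === PACKAGE && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one patched top-level copy, one stale nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/js-toml": { version: "1.0.2" },
    "node_modules/config-loader": { version: "2.3.0" },
    "node_modules/config-loader/node_modules/js-toml": { version: "1.0.1" },
  },
};

console.log(findAffected(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` and fail the build when the result is non-empty.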

References

github.com/...s-toml/security/advisories/GHSA-65fc-cr5f-v7r2

github.com/...ommit/b125910a3f094b744c9c3571360d4b9e3a472f66

gist.github.com/siunam321/f3dc4d21a5a932c67b6c11d0026f5afc

cve.org (CVE-2025-54803)

nvd.nist.gov (CVE-2025-54803)
