8.2

CVE-2025-13465

Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.

The issue permits deletion of properties but does not allow overwriting their original behavior.

This issue is patched on 4.17.23
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LodashLodash SwPlatformnode.js Version >= 4.0.0 < 4.17.23
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.717
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
ce714d77-add3-4f53-aff5-83d477b104bb 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://cert-portal.siemens.com/productcert/html/ssa-253495.html
https://bugzilla.redhat.com/show_bug.cgi?id=2431740
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13465.json
https://access.redhat.com/errata/RHSA-2026:11414
https://access.redhat.com/errata/RHSA-2026:13542
https://access.redhat.com/errata/RHSA-2026:13548
https://access.redhat.com/errata/RHSA-2026:14774
https://access.redhat.com/errata/RHSA-2026:15091
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:25089
https://access.redhat.com/errata/RHSA-2026:3782
https://access.redhat.com/errata/RHSA-2026:3869
https://access.redhat.com/errata/RHSA-2026:3874
https://access.redhat.com/errata/RHSA-2026:3884
https://access.redhat.com/errata/RHSA-2026:3958
https://access.redhat.com/errata/RHSA-2026:3960
https://access.redhat.com/errata/RHSA-2026:4466
https://access.redhat.com/errata/RHSA-2026:4467
https://access.redhat.com/errata/RHSA-2026:5636
https://access.redhat.com/errata/RHSA-2026:6192
https://access.redhat.com/errata/RHSA-2026:6497
https://access.redhat.com/errata/RHSA-2026:6567
https://access.redhat.com/errata/RHSA-2026:8218
https://access.redhat.com/errata/RHSA-2026:8229
https://access.redhat.com/errata/RHSA-2026:9848
https://access.redhat.com/errata/RHSA-2026:13829
https://access.redhat.com/errata/RHSA-2026:20088
https://access.redhat.com/errata/RHSA-2026:34608
https://access.redhat.com/errata/RHSA-2026:20042
https://access.redhat.com/errata/RHSA-2026:21658
https://access.redhat.com/errata/RHSA-2026:17469
https://access.redhat.com/errata/RHSA-2026:2147
https://access.redhat.com/errata/RHSA-2026:2148
https://access.redhat.com/errata/RHSA-2026:2149
https://access.redhat.com/errata/RHSA-2026:2694
https://access.redhat.com/errata/RHSA-2026:3087
https://access.redhat.com/errata/RHSA-2026:36651
https://access.redhat.com/errata/RHSA-2026:36882
https://access.redhat.com/errata/RHSA-2026:5633
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:14870
https://access.redhat.com/errata/RHSA-2026:14871
https://access.redhat.com/errata/RHSA-2026:1845
https://access.redhat.com/errata/RHSA-2026:18480
https://access.redhat.com/errata/RHSA-2026:18868
https://access.redhat.com/errata/RHSA-2026:2078
https://access.redhat.com/errata/RHSA-2026:2119
https://access.redhat.com/errata/RHSA-2026:2145
https://access.redhat.com/errata/RHSA-2026:24331
https://access.redhat.com/errata/RHSA-2026:2438
https://access.redhat.com/errata/RHSA-2026:2452
https://access.redhat.com/errata/RHSA-2026:2462
https://access.redhat.com/errata/RHSA-2026:2465
https://access.redhat.com/errata/RHSA-2026:2469
https://access.redhat.com/errata/RHSA-2026:2484
https://access.redhat.com/errata/RHSA-2026:2651
https://access.redhat.com/errata/RHSA-2026:2661
https://access.redhat.com/errata/RHSA-2026:2672
https://access.redhat.com/errata/RHSA-2026:2675
https://access.redhat.com/errata/RHSA-2026:2816
https://access.redhat.com/errata/RHSA-2026:2817
https://access.redhat.com/errata/RHSA-2026:2818
https://access.redhat.com/errata/RHSA-2026:2819
https://access.redhat.com/errata/RHSA-2026:2900
https://access.redhat.com/errata/RHSA-2026:2926
https://access.redhat.com/errata/RHSA-2026:2984
https://access.redhat.com/errata/RHSA-2026:2990
https://access.redhat.com/errata/RHSA-2026:33154
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/errata/RHSA-2026:3422
https://access.redhat.com/errata/RHSA-2026:3710
https://access.redhat.com/errata/RHSA-2026:3825
https://access.redhat.com/errata/RHSA-2026:3870
https://access.redhat.com/errata/RHSA-2026:3962
https://access.redhat.com/errata/RHSA-2026:4423
https://access.redhat.com/errata/RHSA-2026:4630
https://access.redhat.com/errata/RHSA-2026:4782
https://access.redhat.com/errata/RHSA-2026:6288
https://access.redhat.com/security/cve/CVE-2025-13465
https://access.redhat.com/errata/RHSA-2026:34100