CVE-2025-50537

Exploit

EPSS 0.01%
Veröffentlicht 26.01.2026 00:00:00
Zuletzt bearbeitet 04.02.2026 15:11:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openjsf ≫ Eslint SwPlatformnode.js Version < 9.26.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/eslint/eslint/issues/19646

Third Party Advisory

Exploit

Issue Tracking

https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-50537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-50537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-50537

EUVD