/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-25285

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-25285

CGA ID

CGA-7cr5-25mq-fvpc

Severity

5.3

Medium

CVSS V3

Description

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parse(options) call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the parse function within the parse.ts file of the npm package @octokit/endpoint. Version 10.1.3 contains a patch for the issue.

References

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation