PT-2025-24558 · Metabase · Metabase
Mmmsssttt · Published 2025-06-09 · Updated 2025-06-09
CVE-2025-5895
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Metabase version 54.10
Description
An issue was found in the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The issue leads to inefficient regular expression complexity and can be triggered remotely.
Recommendations
To fix this issue, apply the patch 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. As a temporary workaround, consider restricting access to the parseDataUri function until the patch is applied.
Exploit
Fix
Resource Exhaustion
DoS
Related Identifiers
Affected Products
Metabase