PT-2025-24561 · Taro · Taro

Mmmsssttt · Published 2025-06-09 · Updated 2025-07-10 · CVE-2025-5896

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

tarojs taro versions 4.1.1 and earlier

Description

A vulnerability was found in the tarojs taro software, which has been declared as problematic. This issue affects unknown code of the file taro/packages/css-to-react-native/src/index.js, leading to inefficient regular expression complexity. The attack can be initiated remotely.

Recommendations

For versions 4.1.1 and earlier, upgrade to version 4.1.2 to address this issue.

Exploit · Fix · Resource Exhaustion · DoS


Weakness Enumeration

Related Identifiers

CVE-2025-5896
GHSA-F5XG-CFPJ-2MW6

Affected Products

Taro