PT-2025-31886 · Js-Toml · Js-Toml

Siunam321 · Published 2025-08-03 · Updated 2025-10-09 · CVE-2025-54803

CVSS v4.0: 7.9 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: js-toml versions prior to 1.0.2
Description: A prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This can lead to severe security vulnerabilities in applications that use the library, potentially including authentication bypass, Denial of Service (DoS), or Remote Code Execution (RCE), depending on the application's logic and dependencies. The vulnerability occurs when parsing a TOML string containing the specially crafted key __proto__.
Recommendations: Upgrade to version 1.0.2 or later to mitigate this issue. Ensure that any TOML input passed to the js-toml library comes from a fully trusted source and has been validated to not contain malicious keys.
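Added example, not from the advisory or from the js-toml project: a plain-JavaScript pre-parse guard that implements the "validated to not contain malicious keys" recommendation, plus a post-parse check that Object.prototype gained no properties while untrusted input was parsed. The guard scans table headers, dotted keys, inline tables and arrays of inline tables for the key names "__proto__", "constructor" and "prototype"; it assumes single-line values and does not handle multi-line strings, so it is a conservative filter to run before the real parser (false positives are possible, silent misses on those constructs are not). All function names and the sample documents are constructed for this example.

```javascript
// Added example: pre-parse guard and post-parse check against prototype
// pollution in TOML input. Not the advisory's or js-toml's own code; every
// name and sample document here is constructed for illustration.

// Key segments that must never appear in untrusted input. "constructor" and
// "prototype" are blocked conservatively: the pair also reaches Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Index of the first `target` char at brace/bracket depth 0 and outside
// quoted strings, or -1. Backslash escapes inside basic ("...") strings are skipped.
function findTopLevel(str, target, start = 0) {
  let depth = 0, quote = null;
  for (let i = start; i < str.length; i++) {
    const ch = str[i];
    if (quote) {
      if (ch === '\\' && quote === '"') i++;
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'") quote = ch;
    else if (ch === '{' || ch === '[') depth++;
    else if (ch === '}' || ch === ']') depth--;
    else if (ch === target && depth === 0) return i;
  }
  return -1;
}

// Split `str` on every top-level occurrence of `sep`.
function splitTopLevel(str, sep) {
  const parts = [];
  let start = 0, i;
  while ((i = findTopLevel(str, sep, start)) >= 0) {
    parts.push(str.slice(start, i));
    start = i + 1;
  }
  parts.push(str.slice(start));
  return parts;
}

// Split a dotted key path into segments; a quoted segment keeps its dots.
function splitKeyPath(path) {
  return splitTopLevel(path, '.').map(seg => {
    seg = seg.trim();
    const q = seg[0];
    return (q === '"' || q === "'") && seg.endsWith(q) ? seg.slice(1, -1) : seg;
  });
}

// Record the key path of one `key = value` entry, then descend into the value.
function collectKeyPaths(entry, prefix, out) {
  const eq = findTopLevel(entry, '=');
  if (eq < 0) return;
  const key = prefix.concat(splitKeyPath(entry.slice(0, eq)));
  out.push(key);
  scanValue(entry.slice(eq + 1).trim(), key, out);
}

// Inline tables contribute their own keys; arrays may contain inline tables.
function scanValue(value, key, out) {
  if (value.startsWith('{') && value.endsWith('}')) {
    for (const piece of splitTopLevel(value.slice(1, -1), ',')) {
      if (piece.trim()) collectKeyPaths(piece.trim(), key, out);
    }
  } else if (value.startsWith('[') && value.endsWith(']')) {
    for (const piece of splitTopLevel(value.slice(1, -1), ',')) {
      scanValue(piece.trim(), key, out);
    }
  }
}

// Every key path in `toml` containing a forbidden segment, as dotted strings.
// [a.b] and [[a.b]] headers set the prefix for the entries that follow them;
// a line without a top-level "=" is treated as an element of a multi-line array.
function findForbiddenKeys(toml) {
  const paths = [];
  let table = [];
  for (const raw of toml.split(/\r?\n/)) {
    let line = raw.trim();
    const hash = findTopLevel(line, '#');
    if (hash >= 0) line = line.slice(0, hash).trim();
    if (!line) continue;
    const header = /^\[\[(.+)\]\]$/.exec(line) || /^\[(.+)\]$/.exec(line);
    if (header) {
      table = splitKeyPath(header[1]);
      paths.push(table);
    } else if (findTopLevel(line, '=') < 0) {
      scanValue(line.replace(/,$/, ''), table, paths);
    } else {
      collectKeyPaths(line, table, paths);
    }
  }
  return paths.filter(p => p.some(s => FORBIDDEN_KEYS.has(s))).map(p => p.join('.'));
}

function safeToParse(toml) {
  return findForbiddenKeys(toml).length === 0;
}

// Post-parse check: snapshot Object.prototype's own keys before handing
// untrusted input to the parser, then report any key that appeared afterwards.
function prototypeSnapshot() {
  return new Set(Reflect.ownKeys(Object.prototype).map(String));
}
function detectPollution(baseline) {
  return Reflect.ownKeys(Object.prototype).map(String).filter(k => !baseline.has(k));
}

// Constructed sample documents: one benign, one carrying the key the advisory names.
const SAMPLE_OK = [
  'title = "demo"   # trailing comment',
  '[server]',
  'host = "localhost"',
  'ports = [8001, 8002]',
  '[owner.settings]',
  '"dotted.name" = { a = 1 }',
].join('\n');
const SAMPLE_BAD = ['[__proto__]', 'polluted = "yes"'].join('\n');
```

Usage: call safeToParse(input) before passing input to the library and refuse the document when it returns false; around the parse itself, take prototypeSnapshot() first and treat a non-empty detectPollution(baseline) afterwards as an incident signal worth logging, since it means the guard missed something.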

Exploit · Fix · RCE · Prototype Pollution

Weakness Enumeration

Related Identifiers

BDU:2026-07566
CVE-2025-54803
GHSA-65FC-CR5F-V7R2

Affected Products

Js-Toml