CVE-2025-9308

Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22

Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is required for exploitation. This issue affects products that are no longer supported by the maintainer.

Recommendations: Versions prior to 1.22.22 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.