PT-2025-34819 · Unknown · Svelte Devalue

Apyatko

Published

2025-08-26

Updated

2025-08-27

CVE-2025-57820

CVSS v4.0

7.9

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: Svelte devalue versions prior to 5.3.2

Description: Svelte devalue is a utility library susceptible to prototype pollution. Passing a string to devalue.parse that represents an object with a proto property, without numeric index checking, can lead to prototype assignment to objects and properties.

Recommendations: Update to version 5.3.2 or later.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

CVE-2025-57820

GHSA-VJ54-72F3-P5JV

Affected Products

Svelte Devalue

PT-2025-34819 · Unknown · Svelte Devalue

CVE-2025-57820

Weakness Enumeration

Related Identifiers

Affected Products

References · 9