PT-2025-39336 · Spmrc · Spmrc
Published: 2025-09-24 · Updated: 2025-10-20
CVE-2025-57327
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
spmrc versions prior to 1.2.0
Description
spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability exists in the set and config functions. This allows attackers to inject properties on Object.prototype by supplying a crafted payload. This can lead to a denial of service (DoS).
Recommendations
Update spmrc to version 1.2.0 or later.
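For code that cannot be upgraded immediately, or that wraps similar key-based setters, the guard below shows how this class of bug is closed. It is an added example, not spmrc's code or its 1.2.0 fix: `safeSet`, `defineOwn`, `demo`, the dotted-key format and the sample keys are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical helper, not spmrc's API or its fix.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Define an own data property without invoking inherited setters.
function defineOwn(obj, key, value) {
  Object.defineProperty(obj, key, {
    value, writable: true, enumerable: true, configurable: true,
  });
}

// Set target[a][b][c] = value for dottedKey "a.b.c" (assumed key format).
function safeSet(target, dottedKey, value) {
  if (typeof dottedKey !== 'string' || dottedKey.length === 0) {
    throw new TypeError('key must be a non-empty string');
  }
  const parts = dottedKey.split('.');
  // Validate the whole path first so a rejected key mutates nothing.
  for (const part of parts) {
    if (part === '' || FORBIDDEN.has(part)) {
      throw new Error('unsafe key segment: ' + JSON.stringify(part));
    }
  }
  let node = target;
  for (const part of parts.slice(0, -1)) {
    // Descend only into own object-valued properties, never inherited ones.
    const own = Object.prototype.hasOwnProperty.call(node, part);
    if (!own || node[part] === null || typeof node[part] !== 'object') {
      defineOwn(node, part, Object.create(null));
    }
    node = node[part];
  }
  defineOwn(node, parts[parts.length - 1], value);
  return target;
}

// Constructed sample keys: one benign, two that the guard must reject.
function demo() {
  const config = {};
  const outcome = {};
  for (const key of ['registry.url', '__proto__.polluted', 'a.constructor.polluted']) {
    try {
      safeSet(config, key, 'x');
      outcome[key] = 'set';
    } catch (err) {
      outcome[key] = 'rejected';
    }
  }
  return { config, outcome, polluted: 'polluted' in {} };
}
```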
Exploit
Fix
DoS
Prototype Pollution
Affected Products
Spmrc