CVE-2025-78901

Name of the Vulnerable Software and Affected Versions Telerik UI library versions prior to 2025.3.1 Node.js (affected versions not specified)

Description A critical issue exists in Telerik UI library and Node.js event emitters. The Telerik UI library is currently under active exploitation, with mass scanning and ransomware attempts observed. The Node.js issue allows for prototype pollution, potentially leading to a denial-of-service (DoS) condition. The Node.js issue was addressed upstream on October 29. The Telerik UI library issue affects thousands of .NET web applications.

Recommendations Update Telerik UI library to version 2025.3.1 or later. Audit Node.js dependencies with npm audit.