PT-2025-42196 · Parse · Parse Javascript Sdk

Published: 2025-10-14 · Updated: 2025-10-16 · CVE-2025-62374

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Parse Javascript SDK versions prior to 7.0.0
Description: Parse Javascript SDK versions before 7.0.0 contain a flaw that allows remote code execution through the injection of malicious payloads. The following components are impacted: ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal).
Recommendations: Update to version 7.0.0 or later.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2025-62374
GHSA-9F2H-7V79-MXW3

Affected Products

Parse Javascript Sdk