PT-2025-50969 · Vuetify · Vuetify

Christiaan Swiers · Published 2025-12-12 · Updated 2025-12-15 · CVE-2025-8083

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Vuetify versions 2.2.0-beta.2 through 3.0.0-alpha.10

Description

The Preset configuration feature of Vuetify is susceptible to Prototype Pollution due to the 'mergeDeep' utility function used for merging options with defaults. A specially crafted, malicious preset can pollute JavaScript objects with arbitrary properties, potentially impacting application behavior. This could lead to resource exhaustion, denial of service, or unauthorized data access. If the application uses Server-Side Rendering (SSR), the vulnerability could affect the entire server process.

Recommendations

Versions 2.2.0-beta.2 through 2.x are End-of-Life and will not receive updates. Versions 2.2.0-beta.2 through 3.0.0-alpha.9 should be updated.
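
The merge pattern named in the description, shown as an added example rather than Vuetify's own code: a naive recursive merge next to a hardened one, both run over a constructed preset. The function names, the sample preset and the `pollutedFlag` probe key are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not Vuetify's source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive recursive merge: follows whatever key the source supplies.
function naiveMergeDeep(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value) && isPlainObject(target[key])) {
      naiveMergeDeep(target[key], value); // target['__proto__'] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-related keys dropped,
// and recursion only into objects the target itself owns.
function safeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (!isPlainObject(value)) {
      target[key] = value;
      continue;
    }
    const owned = Object.prototype.hasOwnProperty.call(target, key);
    if (!owned || !isPlainObject(target[key])) target[key] = {};
    safeMergeDeep(target[key], value);
  }
  return target;
}

// Regression check over a constructed preset (sample data, parsed from JSON
// so that "__proto__" arrives as an ordinary own key).
function checkMerges() {
  const preset = JSON.parse(
    '{"theme":{"dark":true},"__proto__":{"pollutedFlag":"yes"}}');
  const defaults = () => ({ theme: { dark: false, primary: '#1976D2' } });

  const merged = safeMergeDeep(defaults(), preset);
  const pollutedBySafe = 'pollutedFlag' in {};
  naiveMergeDeep(defaults(), preset);
  const pollutedByNaive = 'pollutedFlag' in {};
  delete Object.prototype.pollutedFlag; // restore the shared prototype
  return { merged, pollutedBySafe, pollutedByNaive };
}
```

`checkMerges()` can serve as a regression test around any merge helper that accepts externally supplied presets; under SSR the polluted prototype is shared by every request in the process, which is why the check inspects a fresh `{}` rather than the merged object.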


Weakness Enumeration: Prototype Pollution

Related Identifiers: CVE-2025-8083

Affected Products: Vuetify