CVE-2025-25289

Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6

Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability.

Recommendations: For @octokit/request-error versions 1.0.0 through 6.1.6, update to version 6.1.7 to resolve the issue. As a temporary workaround, consider restricting the length of the authorization header to prevent excessive resource consumption. Avoid using the authorization header with long sequences of spaces followed by a newline and "@" until the issue is resolved.