PT-2026-3846 · Lodash · Lodash

Jordan Harband +3 · Published 2025-01-01 · Updated 2026-01-21 · CVE-2025-13465

CVSS v4.0: 7.9
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

Lodash versions 4.0.0 through 4.17.22

Description

Lodash versions 4.0.0 through 4.17.22 are susceptible to prototype pollution within the _.unset and _.omit functions. An attacker can leverage crafted paths to trigger the deletion of methods from global prototypes. The issue allows for property deletion but does not permit modification of the original behavior of those properties.

Recommendations

Update to Lodash version 4.17.23 or later.

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2025-13465
GHSA-XXJR-MMJV-4GPG

Affected Products

Lodash