PT-2026-3846 · Lodash+1

Jordan Harband +3 · Published 2025-01-01 · Updated 2026-03-07 · CVE-2025-13465

CVSS v4.0: 7.9
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

Lodash versions 4.0.0 through 4.17.22

Description

Lodash versions 4.0.0 through 4.17.22 are susceptible to prototype pollution within the _.unset and _.omit functions. An attacker can leverage crafted paths to trigger the deletion of methods from global prototypes. The issue allows for property deletion but does not permit modification of the original behavior of those properties.

Recommendations

Update to Lodash version 4.17.23 or later.

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

ALSA-2026:2438
ALSA-2026:2452
CVE-2025-13465
GHSA-XXJR-MMJV-4GPG
OPENSUSE-SU-2026:10154-1
OPENSUSE-SU-2026:10155-1
OPENSUSE-SU-2026:20181-1
OPENSUSE-SU-2026:20182-1
RHSA-2026:2438
RHSA-2026:2452
RHSA-2026:2462
RHSA-2026:2465
RHSA-2026:2469
RHSA-2026:2484
RHSA-2026:2816
RHSA-2026:2817
RHSA-2026:2818
RHSA-2026:2819
RHSA-2026:3958
SUSE-SU-2026:0396-1
SUSE-SU-2026:0397-1

Affected Products

Lodash
Rocky Linux