CVE-2025-61140

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jsonpath version 1.1.1

Description The value function in jsonpath lib/index.js is susceptible to Prototype Pollution. This allows for modification of the prototype of JavaScript objects, potentially leading to unexpected behavior or code execution.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

CVE-2025-61140

GHSA-6C59-MWGH-R2X6

OPENSUSE-SU-2026:20239-1

SUSE-SU-2026:1008-1

SUSE-SU-2026:1013-1

SUSE-SU-2026:1035-1

SUSE-SU-2026:1148-1

SUSE-SU-2026:1524-1

SUSE-SU-2026:20574-1

Affected Products

Jsonpath

CVE-2025-61140

Weakness Enumeration

Related Identifiers

Affected Products

References · 94