CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-56571

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.1%

CVSS Severity

CVSS v3 Score 7.5

References

http://financejs.com
https://github.com/ebradyjobory/finance.js
https://medium.com/@nakah_/cve-2025-56571-and-cve-2025-56572-denial-of-service-vulnerabilities-in-finance-js-78f8b399f53b
https://raw.githack.com/ebradyjobory/finance.js/6d571ea2a86d08491ceb584e292e9b76b0a60636/finance.js

Products affected by CVE-2025-56571

Ebradyjobory » Finance.js » Version: 4.1.0

cpe:2.3:a:ebradyjobory:finance.js:4.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-56571

Products

Pricing

Contact Us