CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-57327

spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/spmrc%401.2.0/index.js
https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57327

Products affected by CVE-2025-57327

Spmjs » Spmrc » Version: 0.1.0

cpe:2.3:a:spmjs:spmrc:0.1.0
Spmjs » Spmrc » Version: 0.1.1

cpe:2.3:a:spmjs:spmrc:0.1.1
Spmjs » Spmrc » Version: 0.1.2

cpe:2.3:a:spmjs:spmrc:0.1.2
Spmjs » Spmrc » Version: 0.1.3

cpe:2.3:a:spmjs:spmrc:0.1.3
Spmjs » Spmrc » Version: 1.0.0

cpe:2.3:a:spmjs:spmrc:1.0.0
Spmjs » Spmrc » Version: 1.1.0

cpe:2.3:a:spmjs:spmrc:1.1.0
Spmjs » Spmrc » Version: 1.2.0

cpe:2.3:a:spmjs:spmrc:1.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-57327

Products

Pricing

Contact Us