What is the CVSS score of CVE-2025-45143?

CVE-2025-45143 has a CVSS 3.1 base score of 7.0 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of String Math are affected by CVE-2025-45143?

Organizations using string-math v1.2.2 face moderate risk from CVE-2025-45143 rated CVSS 7.0. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-45143?

Yes, a public proof-of-concept exploit is available for CVE-2025-45143. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-45143?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

String Math CVE-2025-45143

EUVD-2025-19555 HIGH

Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)

2025-06-30 cve@mitre.org

GHSA-994j-5c83-r424

Denial Of Service String Math

7.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.0 HIGH

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 01:25 euvd

EUVD-2025-19555

Analysis Generated

Mar 16, 2026 - 01:25 vuln.today

PoC Detected

Oct 18, 2025 - 01:41 vuln.today

Public exploit code

CVE Published

Jun 30, 2025 - 17:15 nvd

HIGH 7.0

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

16 npm packages depend on string-math (14 direct, 3 indirect)

Ecosystem-wide dependent count for version 1.2.2.

DescriptionCVE.org

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Analysis

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Inefficient Regular Expression Complexity (ReDoS) (CWE-1333).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2025-45143 vulnerability details – vuln.today

Back