What is the CVSS score of CVE-2025-50537?

CVE-2025-50537 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Eslint are affected by CVE-2025-50537?

Organizations using eslint should be aware of moderate risk from CVE-2025-50537 rated CVSS 5.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-50537?

Yes, a public proof-of-concept exploit is available for CVE-2025-50537. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-50537?

Within 30 days: Identify affected systems running eslint and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Eslint CVE-2025-50537

MEDIUM

Uncontrolled Recursion (CWE-674)

2026-01-26 cve@mitre.org

Stack Overflow Eslint Red Hat

5.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Red Hat

5.5 MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 04, 2026 - 15:11 vuln.today

Public exploit code

CVE Published

Jan 26, 2026 - 16:15 nvd

MEDIUM 5.5

DescriptionCVE.org

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

AnalysisAI

Technical ContextAI

Classified as CWE-674 (Uncontrolled Recursion). Affects Eslint. Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ult

RemediationAI

Monitor vendor advisories for a patch.

Vendor StatusVendor

CVE-2025-50537 vulnerability details – vuln.today

Back

Eslint CVE-2025-50537

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Share

External POC / Exploit Code