CVE-2025-57325
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Description
rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Analysis
rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical Context
This vulnerability is classified as Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321), which allows attackers to modify object prototypes to inject properties affecting application logic. rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. Affected products include: Rollbar.
Affected Products
Rollbar.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Freeze prototypes, validate object keys, avoid recursive merging of untrusted data.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today