How to fix CVE-2025-57348?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Prototype Pollution affected by CVE-2025-57348?

CVE-2025-57348 presents notable security risk, a prototype pollution vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-57348

MEDIUM

2025-09-24 [email protected]

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:14 vuln.today

PoC Detected

Oct 17, 2025 - 14:50 vuln.today

Public exploit code

CVE Published

Sep 24, 2025 - 19:15 nvd

MEDIUM 6.5

Description

The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date.

Analysis

The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical Context

This vulnerability is classified as Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321), which allows attackers to modify object prototypes to inject properties affecting application logic. The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date. Affected products include: Node-Cube. Version information: version 5.0.0.

Affected Products

Node-Cube.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Freeze prototypes, validate object keys, avoid recursive merging of untrusted data.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +32

POC: +20

CVE-2025-57348 vulnerability details – vuln.today

Back

CVE-2025-57348

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-57348

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code