CVE-2025-31475

Published Apr 7, 2025

Last updated 2 months ago

CVSS medium 5.5

Overview

Description
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potential security risks such as data corruption or unintended code execution. An attacker with high privileges could exploit this vulnerability to modify object prototypes, affecting core JavaScript behavior, cause application crashes or unexpected behavior, or potentially introduce further security vulnerabilities depending on the application's architecture. This vulnerability is fixed in 1.20.1.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.5
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-1321

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-31475 🟠 MEDIUM (5.5) 🏢 AmauriC - tarteaucitron.js 🏗️ < 1.20.1 🔗 https://t.co/PcHS7LaKJo 🔗 https://t.co/2TiU2YRwL3 #CyberCron #VulnAlert #InfoSec https://t.co/vz0akTqkTg

    @cybercronai

    7 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.