AI description
CVE-2025-49223 affects billboard.js versions prior to 3.15.1. It involves a prototype pollution vulnerability within the `generate` function. This vulnerability allows attackers to inject arbitrary properties, potentially leading to arbitrary code execution or a denial-of-service (DoS) condition.
- Description: billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- Source: cve@navercorp.com
- NVD status: Analyzed
- Products: billboard.js
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- cve@navercorp.com: CWE-1321
CVE-2025-49223 (CVSS:9.8, CRITICAL) is Analyzed. billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow ..https://t.co/pTnZXCI022 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
9 Jun 2025
#exploit 1. CVE-2025-32756: https://t.co/1w8oAjYxV0 Fortinet (FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera) Stack-based BoF 2. CVE-2025-49223: https://t.co/0HK0aFCF70 Prototype Pollution in Billboard.js 3. CVE-2025-37899: https://t.co/RnMzAPQJjW Linux kernel SMB
@ksg93rd
8 Jun 2025
⚠️ High-severity vuln in billboard.js <3.15.1 (CVE-2025-49223): Prototype pollution lets attackers run code or DoS your app. Patch now! Details: https://t.co/B7uY9ll1z4 #OffSeq #infosec #CVE202549223 https://t.co/8pHg9zHKsZ
@offseq
4 Jun 2025
CVE-2025-49223 billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a… https://t.co/0QlWK4yKei
@CVEnew
4 Jun 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:naver:billboard.js:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "221EEEB3-105E-4CDD-8F53-23BDAC46A61C",
            "versionEndExcluding": "3.15.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]