- Description
- pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
A vulnerability was recently discovered in pdfme. It has been fixed in Version 5.4.1. We have published a security advisory accordingly. https://t.co/inAvfBvcoX The CVE ID is CVE-2025-53626. We apologize for any inconvenience caused and appreciate your understanding.
@labelmake
12 Jul 2025
392 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
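A vulnerability was recently discovered in pdfme. It has been fixed in Version 5.4.1. Accordingly, we have published a security advisory. https://t.co/inAvfBvcoX The CVE ID is CVE-2025-53626. We apologize for the inconvenience, and kindly…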
@labelmake
12 Jul 2025
705 Impressions
1 Retweet
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-53626 pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing san… https://t.co/TdCh9kipy1
@CVEnew
11 Jul 2025
306 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53626 Sandbox Escape and XSS Vulnerability in pdfme PDF Generator 5.2.0-5.4.0 https://t.co/P1eNLUfmTC
@VulmonFeeds
11 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes