Main Vulnerability Database Vulnerabilities #VU112174

#VU112174 Inefficient regular expression complexity in plugin-paginate-rest.js - CVE-2025-25288

Published: July 4, 2025

Vulnerability identifier: #VU112174

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-25288

CWE-ID: CWE-1333

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
plugin-paginate-rest.js

Software vendor:
octokit

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a specially crafted `octokit` instance—particularly with a malicious `link` parameter in the `headers` section of the `request`—can trigger a ReDoS attack when calling `octokit.paginate.iterator()`. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

#VU112174 Inefficient regular expression complexity in plugin-paginate-rest.js - CVE-2025-25288

Description

Remediation

External links

Please verify you're human