Main Vulnerability Database Vulnerabilities #VU123310

#VU123310 Prototype pollution in jsonpath - CVE-2025-61140

Published: February 27, 2026

Vulnerability identifier: #VU123310

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-61140

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
jsonpath

Software vendor:
dchester

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

External links

https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d
https://github.com/dchester/jsonpath

#VU123310 Prototype pollution in jsonpath - CVE-2025-61140

Description

Remediation

External links

Please verify you're human