GHSA-ffrw-9mx8-89p8 · Severity: low · Ecosystem: npm — Withdrawn Advisory: fast-redact vulnerable to prototype pollution
fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. NOTE: the Supplier disputes this because the reporter only demonstrated access to properties by an internal utility function, and there is no means for achieving prototype pollution via the public API.
Conclusion & alert: CVE-2025-57319 is rated Moderate Risk (41.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.40%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.05% | 0.40% | +0.34% |
| 2 | 2025-10-26 | 0.02% | 0.05% | +0.04% |
| 3 | 2025-09-25 | — | 0.02% | — |
Full EPSS history (3 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
GHSA-ffrw-9mx8-89p8 · Severity: low · Ecosystem: npm — Withdrawn Advisory: fast-redact vulnerable to prototype pollution
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2025-57319 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||