Home > Vulnerability Database > CVE-2025-48054

Mend.io Vulnerability Database

CVE-2025-48054

Good to know:

Date: May 26, 2025

Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is proto, prototype, or constructor.

Severity Score

9.1

Related Resources (5)

Url: https://github.com/radashi-org/radashi/security/advisories/GHSA-2xv9-ghh9-xc69

Url: https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48054

Url: https://github.com/radashi-org/radashi

Url: https://www.mend.io/vulnerability-database/CVE-2025-48054

Severity Score

9.1

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version radashi - 12.5.1;https://github.com/radashi-org/radashi.git - v12.5.1

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48054

Good to know:

Date: May 26, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?