Vulnerability DatabaseCVE-2025-55195
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-55195
August 14, 2025
@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9.
Affected Packages
https://github.com/denoland/std.git (GITHUB):
Affected version(s) >=release-2024.05.07 <release-2025.08.13
Fix Suggestion:
Update to version release-2025.08.13
Related ResourcesĀ (3)
https://github.com/denoland/std/security/advisories/GHSA-crjp-8r9q-2j9r
https://github.com/denoland/std/commit/540662cfd6d71e969af292aa604ef4049dbe271b
https://github.com/denoland/std/releases/tag/release-2025.08.13
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1321
EPSS
Base Score:
0.12