Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-61785
Good to know:
Date: October 7, 2025
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, "Deno.FsFile.prototype.utime" and "Deno.FsFile.prototype.utimeSync" are not limited by the permission model check "--deny-write=./". It's possible to change to change the access ("atime") and modification ("mtime") times on the file stream resource even when the file is opened with "read" only permission (and "write": "false") and file write operations are not allowed (the script is executed with "--deny-write=./"). Similar APIs like "Deno.utime" and "Deno.utimeSync" require "allow-write" permission, however, when a file is opened, even with read only flags and deny-write permission, it's still possible to change the access ("atime") and modification ("mtime") times, and thus bypass the permission model. Versions 2.5.3 and 2.2.15 fix the issue.
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Incorrect Privilege Assignment
CWE-266Top Fix
Upgrade Version
Upgrade to version deno - 2.2.15;deno - 2.5.3;https://github.com/denoland/deno.git - v2.2.15;https://github.com/denoland/deno.git - v2.5.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | NONE |