Home > Vulnerability Database > CVE-2025-62374

Mend.io Vulnerability Database

CVE-2025-62374

Good to know:

Date: October 14, 2025

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.

Severity Score

6.4

Related Resources (7)

Url: https://github.com/parse-community/Parse-SDK-JS

Url: https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3

Url: https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1

Url: https://github.com/parse-community/Parse-SDK-JS/pull/2749

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62374

Url: https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132

Url: https://www.mend.io/vulnerability-database/CVE-2025-62374

Severity Score

6.4

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version parse - 7.0.0

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62374

Good to know:

Date: October 14, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?