CVE Vulnerability Details: CVE-2025-12758
PUBLISHED
Assigner: snyk
Assigner Org ID: bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At: 27 Nov, 2025 | 05:00
Updated At: 29 Jan, 2026 | 23:06
CVE Numbering Authority (CNA)

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function, which does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence, leading to improper string length calculation. As a result, an application using isLength for input validation can accept strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
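A minimal model of the miscalculation described above, next to a stricter check, added here as an illustration; it is not validator's source code or its patch. The function names, the limits and the sample strings are assumptions constructed for this example.

```javascript
// Added example: models the bug class, not the validator package's code.
const VS = /[\uFE0E\uFE0F]/g;                        // variation selectors
const SURROGATE_PAIR = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g;

// Lenient count (hypothetical): every variation selector is treated as
// zero-width, even when it follows nothing it could modify.
function lenientLength(str) {
  const vs = (str.match(VS) || []).length;
  const pairs = (str.match(SURROGATE_PAIR) || []).length;
  return str.length - vs - pairs;
}

// Stricter count (hypothetical): a selector is discounted only when it
// directly follows a non-selector code point; repeated selectors count.
function strictLength(str) {
  let len = 0;
  let prevWasBase = false;
  for (const cp of str) {                            // iterates by code point
    const isVS = cp === '\uFE0E' || cp === '\uFE0F';
    if (isVS && prevWasBase) { prevWasBase = false; continue; }
    len += 1;
    prevWasBase = !isVS;
  }
  return len;
}

// Defence in depth: also bound the bytes that storage will receive.
function withinLimits(str, { maxChars, maxBytes }) {
  return strictLength(str) <= maxChars &&
         Buffer.byteLength(str, 'utf8') <= maxBytes;
}

function demo() {
  const padded = 'a' + '\uFE0F'.repeat(1000);        // constructed input
  const emoji = '\u2764\uFE0F';                      // heart + one selector
  const limits = { maxChars: 10, maxBytes: 40 };     // assumed column limits
  return {
    lenientPadded: lenientLength(padded),            // looks like 1 character
    strictPadded: strictLength(padded),
    bytesPadded: Buffer.byteLength(padded, 'utf8'),
    strictEmoji: strictLength(emoji),
    acceptedPadded: withinLimits(padded, limits),
    acceptedEmoji: withinLimits(emoji, limits),
  };
}

console.log(demo());
```

The byte bound is the one that matters for the truncation and overflow outcomes the description lists, because it does not depend on any notion of a visible character.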

Affected Products
Vendor: n/a
Product: validator
Versions Affected:
  • From 0 before 13.15.22 (semver)
Problem Types
Type: N/A
CWE ID: N/A
Description: Incomplete Filtering of One or More Instances of Special Elements
Metrics
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Credits

Karol Wrótniak
References
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476
Resource: N/A
Hyperlink: https://gist.github.com/koral--/ad31208b25b9e3d1e2e35f1d4d72572e
Resource: N/A
Hyperlink: https://github.com/validatorjs/validator.js/pull/2616
Resource: N/A
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-172
Description: CWE-172 Encoding Error
References
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476
Resource: exploit
2. CVE Program Container
References
Hyperlink: http://seclists.org/fulldisclosure/2026/Jan/27
Resource: N/A