ByteOS Network

NVD Vulnerability Details :

CVE-2025-13158

Awaiting Analysis

Source-103e4ec9-0a87-450b-af77-479448ddef11

Published At-26 Dec, 2025 | 16:15

Updated At-29 Dec, 2025 | 15:57

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-1321	Secondary	103e4ec9-0a87-450b-af77-479448ddef11

CWE ID: CWE-1321

Type: Secondary

Source: 103e4ec9-0a87-450b-af77-479448ddef11

References

Hyperlink	Source	Resource
https://www.sonatype.com/security-advisories/cve-2025-13158	103e4ec9-0a87-450b-af77-479448ddef11	N/A

Hyperlink: https://www.sonatype.com/security-advisories/cve-2025-13158

Source: 103e4ec9-0a87-450b-af77-479448ddef11

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History