Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-13465
Analyzed
More InfoOfficial Page
Source-ce714d77-add3-4f53-aff5-83d477b104bb
View Known Exploited Vulnerability (KEV) details
Published At-21 Jan, 2026 | 20:16
Updated At-17 Feb, 2026 | 17:10

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches

lodash
lodash
>>lodash>>Versions from 4.0.0(inclusive) to 4.17.23(exclusive)
cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Secondaryce714d77-add3-4f53-aff5-83d477b104bb
CWE ID: CWE-1321
Type: Secondary
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpgce714d77-add3-4f53-aff5-83d477b104bb
Vendor Advisory
Hyperlink: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource:
Vendor Advisory
Change History
0Changes found

Details not found