CVE-2025-5891

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 5.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://gist.github.com/mmmsssttt404/407e2ffe3e0eaa393ad923a86316a385
Product
https://github.com/Unitech/pm2/pull/5971
Exploit
Issue Tracking
Patch
https://vuldb.com/?ctiid.311662
Permissions Required
VDB Entry
https://vuldb.com/?id.311662
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.585750
Third Party Advisory
VDB Entry
https://github.com/Unitech/pm2/pull/5971
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keymetric:pm2:*:*:*:*:*:*:*:*

Версия до 6.0.6 (включая)

EPSS

Процентиль: 23%

0.00075

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

CWE-1333

Связанные уязвимости

GHSA-x5gf-qvw8-r2rm

CVSS3: 4.3

github

8 месяцев назад

pm2 Regular Expression Denial of Service vulnerability

EPSS

Процентиль: 23%

0.00075

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

CWE-1333