CVE-2025-55346

Published: Aug 14, 2025
Updated: Aug 20, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55346" target="_blank" rel="noopener"> CVE-2025-55346
GHSA: <a href="https://github.com/advisories/GHSA-q4xx-mc3q-23x8" target="_blank" rel="noopener"> GHSA-q4xx-mc3q-23x8
Severity: Critical
Exploit:

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.