← back
CVE-2025-7783

Usage of unsafe random function in form-data for choosing boundary

CVSS 9.4 CRITICALEPSS 1.7%CWE-330
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Affected products
form-data
public PoCs found1
githubgithub.com/benweissmann/CVE-2025-7783-poc32
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html