CVE-2025-53626

pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation

CVSS 6.1 MEDIUMEPSS 0.3%CWE-1321 CWE-79 CWE-94

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Productos afectados

pdfme · pdfme

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85 https://github.com/pdfme/pdfme/security/advisories/GHSA-54xv-94qv-2gfg