Vulnerability Description
rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rollbar | Rollbar | <= 2.26.4 |
Related Weaknesses (CWE)
References
- https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/rBroken Link
- https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CThird Party Advisory
FAQ
What is CVE-2025-57325?
CVE-2025-57325 is a vulnerability with a CVSS score of 7.5 (HIGH). rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify ...
How severe is CVE-2025-57325?
CVE-2025-57325 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-57325?
Check the references section above for vendor advisories and patch information. Affected products include: Rollbar Rollbar.