CVE-2025-57820

Vulnerability Description

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2

Related Weaknesses (CWE)

CWE-1321

References

https://github.com/sveltejs/devalue/commit/0623a47c9555b639c03ff1baea82951b2d9d1
https://github.com/sveltejs/devalue/security/advisories/GHSA-vj54-72f3-p5jv

FAQ

What is CVE-2025-57820?

CVE-2025-57820 is a documented vulnerability. Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is nume...

How severe is CVE-2025-57820?

CVSS scoring is not yet available for CVE-2025-57820. Check NVD for updates.

Is there a patch for CVE-2025-57820?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.