Vulnerability Description
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vercel | Hyper | <= 3.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/vercel/hyper/issues/8098ExploitThird Party Advisory
- https://vuldb.com/?ctiid.314973Permissions RequiredVDB Entry
- https://vuldb.com/?id.314973Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.602353Third Party AdvisoryVDB Entry
- https://github.com/vercel/hyper/issues/8098ExploitThird Party Advisory
FAQ
What is CVE-2025-7074?
CVE-2025-7074 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulatio...
How severe is CVE-2025-7074?
CVE-2025-7074 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7074?
Check the references section above for vendor advisories and patch information. Affected products include: Vercel Hyper.