CVE Catalog

CVE-2025-5889

Low
Published: Translated: NVD NIST

Summary

A vulnerability was found in the brace-expansion library up to versions 1.1.11, 2.0.1, 3.0.0, and 4.0.0, involving inefficient regular expression complexity in the expand function in index.js. The attack can be launched remotely.

Risk Assessment

The risk involves a potential Denial of Service (DoS) attack where specially crafted input can cause excessive CPU usage, leading to application slowdown or unavailability.

Recommendation

It is recommended to update the brace-expansion library to the latest available version that includes a fix for the inefficient regular expression issue.

Original NVD description (English source)

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Th

Vulnerability data from NVD (NIST) · CISA KEV · EPSS