CVE-2025-50537
Last modified
CVE-2025-50537 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openjsf | Eslint | < 9.26.0 |
References
- https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbcThird Party Advisory
- https://github.com/eslint/eslint/issues/19646Exploit, Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-50537?
How severe is CVE-2025-50537?
How do I fix CVE-2025-50537?
Are you affected by CVE-2025-50537?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST