CVE-2025-11362

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed	Patch
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta1::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta10::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta11::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta12::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta13::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta14::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta15::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta16::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta2::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta3::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta4::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta5::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta6::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta7::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta8::::::
	cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta9::::::

History

No history.

Information

Published : 2025-10-07 05:15

Updated : 2025-10-20 15:51

NVD link : CVE-2025-11362

Mitre link : CVE-2025-11362

CVE.ORG link : CVE-2025-11362

JSON object : View

Products Affected

pdfmake

pdfmake

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-11362", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-07T05:15:33.787", "references": [{"url": "https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition."}], "lastModified": "2025-10-20T15:51:04.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66C8AC2C-2DC7-4934-83A0-CCB117E42E30"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9F434F-B222-4B9E-894F-EF27349FD85A"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "302CBC0D-4021-43C9-9214-258EFAEBADA0"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "813FC92B-1352-46B2-98E5-177F2774A2FF"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6998E01F-28D0-4110-9B73-051917FC1786"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE1D6C1-6D1F-40E2-A56B-D8975F41CF58"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A208BAFD-8F2C-4A30-87BC-9B9A4051113F"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D03BA7A-C32D-4FBA-8A45-3BB1EDFAA456"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "438BF14C-6B93-4D8C-BF7E-C7BA40E04595"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99C6EF3B-B002-4EB4-96DB-DFFFFED5570F"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60BC0F53-38A5-4BFD-95AC-47B7635BA52E"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F25A975-45B3-4D96-A3DA-EF388D7C0C78"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50BDBDEA-E9AA-4D3D-B0C1-35552D2A6FE0"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C08D75E-8340-4522-88C5-3871B461EA63"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC47E00A-8A0D-4D66-BA63-9D9400584815"}, {"criteria": "cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F34238-5ADD-4491-A01F-ECD62ECF10DB"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}