High severityNVD Advisory· Published Sep 30, 2025· Updated Oct 3, 2025
CVE-2025-56571
CVE-2025-56571
Description
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
financejsnpm | <= 4.1.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-f8r4-mf27-rf7mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-56571ghsaADVISORY
- financejs.comghsaWEB
- medium.com/@nakah_/cve-2025-56571-and-cve-2025-56572-denial-of-service-vulnerabilities-in-finance-js-78f8b399f53bghsaWEB
- raw.githack.com/ebradyjobory/finance.js/6d571ea2a86d08491ceb584e292e9b76b0a60636/finance.jsghsaWEB
News mentions
0No linked articles in our index yet.