High severity7.5GHSA Advisory· Published Sep 24, 2025· Updated Apr 15, 2026
CVE-2025-57319
CVE-2025-57319
Description
fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. NOTE: the Supplier disputes this because the reporter only demonstrated access to properties by an internal utility function, and there is no means for achieving prototype pollution via the public API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fast-redactnpm | <= 3.5.0 | — |
Affected products
120- Range: <= 3.5.0
- osv-coords119 versionspkg:apk/chainguard/kibana-7pkg:apk/chainguard/kibana-7-bitnamipkg:apk/chainguard/kibana-8.17pkg:apk/chainguard/kibana-8.17-bitnamipkg:apk/chainguard/kibana-8.17-iamguardedpkg:apk/chainguard/kibana-8.18pkg:apk/chainguard/kibana-8.18-bitnamipkg:apk/chainguard/kibana-8.18-iamguardedpkg:apk/chainguard/kibana-8.19pkg:apk/chainguard/kibana-8.19-bitnamipkg:apk/chainguard/kibana-8.19-iamguardedpkg:apk/chainguard/kibana-9.0pkg:apk/chainguard/kibana-9.0-bitnamipkg:apk/chainguard/kibana-9.0-iamguardedpkg:apk/chainguard/kibana-9.1pkg:apk/chainguard/kibana-9.1-bitnamipkg:apk/chainguard/kibana-9.1-iamguardedpkg:apk/chainguard/kibana-9.2pkg:apk/chainguard/kibana-9.2-iamguardedpkg:apk/chainguard/langfusepkg:apk/chainguard/langfuse-compatpkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3pkg:apk/chainguard/opensearch-dashboards-3-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-configpkg:apk/chainguard/opensearch-dashboards-3-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-3-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-3-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-3-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-3-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-3-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-3-fipspkg:apk/chainguard/opensearch-dashboards-3-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-configpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-3-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-3-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-3-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-security-dashboards-pluginpkg:apk/chainguard/prismpkg:apk/chainguard/sqlpadpkg:apk/chainguard/sqlpad-compatpkg:apk/wolfi/langfusepkg:apk/wolfi/langfuse-compatpkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3pkg:apk/wolfi/opensearch-dashboards-3-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-configpkg:apk/wolfi/opensearch-dashboards-3-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-3-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-3-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-3-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-3-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-3-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-3-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-3-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-security-dashboards-pluginpkg:apk/wolfi/prismpkg:apk/wolfi/sqlpadpkg:apk/wolfi/sqlpad-compatpkg:npm/fast-redact
< 0+ 118 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.1.7-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.2.1-r0
- (no CPE)range: < 0
- (no CPE)range: < 3.125.0-r0
- (no CPE)range: < 3.125.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.125.0-r0
- (no CPE)range: < 3.125.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: <= 3.5.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-ffrw-9mx8-89p8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-57319ghsaADVISORY
- github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/fast-redact%403.5.0/index.jsnvdWEB
- github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57319nvdWEB
- github.com/davidmarkclements/fast-redact/issues/75nvdWEB
News mentions
0No linked articles in our index yet.