Moderate severity · NVD Advisory · Published Sep 24, 2025 · Updated Sep 25, 2025
CVE-2025-57324
Description
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| parse (npm) | < 7.0.0-alpha.1 | 7.0.0-alpha.1 |
Affected products
- parse/parse (description)
References
- github.com/advisories/GHSA-9g8m-v378-pcg3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-57324 (ghsa, ADVISORY)
- github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js (ghsa, WEB)
- github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324 (ghsa, WEB)
- github.com/parse-community/Parse-SDK-JS/commit/9e7c1bad472b1ed2463cbac567b8ec752ae5b4c9 (ghsa, WEB)