Low severity · NVD Advisory · Published Sep 24, 2025 · Updated Sep 26, 2025
CVE-2025-57325
Description
rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
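A defensive sketch of the bug class described above, added here as an example; it is not rollbar's code and is not taken from the linked patch. It assumes a setter that writes a value at a dotted key path; `safeSet`, `inheritedKeys` and the sample paths in the comments are hypothetical names constructed for illustration.

```javascript
// Path segments that reach the prototype chain; never traverse or assign them.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Hypothetical hardened setter: writes `value` at dotted `path` inside `obj`.
// Returns true on success, false when the path is rejected. The whole path is
// validated before anything is written, so a rejected call leaves `obj` untouched.
function safeSet(obj, path, value) {
  if (obj === null || typeof obj !== 'object' || typeof path !== 'string') {
    return false;
  }
  const keys = path.split('.');
  if (keys.some((k) => k === '' || FORBIDDEN_SEGMENTS.has(k))) {
    return false;
  }

  // Dry run: every existing intermediate value must be an own, non-null object.
  let probe = obj;
  for (const key of keys.slice(0, -1)) {
    if (!hasOwn(probe, key)) break; // the rest of the path will be created fresh
    probe = probe[key];
    if (probe === null || typeof probe !== 'object') return false;
  }

  // Write pass: descend through own properties only, creating plain containers.
  let node = obj;
  for (const key of keys.slice(0, -1)) {
    if (!hasOwn(node, key)) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return true;
}

// Detection aid: enumerable keys that a fresh object inherits.
// On an unpolluted runtime this returns an empty array.
function inheritedKeys() {
  const found = [];
  for (const k in {}) found.push(k);
  return found;
}

// Constructed sample calls:
//   safeSet({}, 'payload.custom.env', 'prod')  -> true
//   safeSet({}, '__proto__.polluted', 'yes')   -> false, nothing written
```

Running `inheritedKeys()` in a test suite or at service start is a cheap way to notice that some dependency has already written to `Object.prototype`.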
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rollbar (npm) | < 2.26.5 | 2.26.5 |
| rollbar (npm) | >= 3.0.0-alpha1, < 3.0.0-beta5 | 3.0.0-beta5 |
References
- github.com/advisories/GHSA-r8c2-2qwq-94p6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-57325 (ghsa, ADVISORY)
- github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/rollbar%402.26.4/index.js (ghsa, WEB)
- github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57325 (ghsa, WEB)
- github.com/rollbar/rollbar.js/commit/d717def8b68f4a947975d0aebb729869cdb2d343 (ghsa, WEB)
- github.com/rollbar/rollbar.js/issues/1333 (ghsa, WEB)
- github.com/rollbar/rollbar.js/security/advisories/GHSA-r8c2-2qwq-94p6 (ghsa, WEB)