VYPR
Medium severity4.3NVD Advisory· Published Jun 9, 2025· Updated Apr 29, 2026

CVE-2025-5891

CVE-2025-5891

Description

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pm2npm
< 7.0.07.0.0

Affected products

2
  • Keymetric/Pm22 versions
    cpe:2.3:a:keymetric:pm2:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:keymetric:pm2:*:*:*:*:*:*:*:*range: <=6.0.6
    • (no CPE)range: <=6.0.6

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.