VYPR
Unrated severityOSV Advisory· Published Dec 29, 2025· Updated Dec 31, 2025

CVE-2025-65570

CVE-2025-65570

Description

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jsish/JsishOSV2 versions
    2.0+ 1 more
    • (no CPE)range: 2.0
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.