CVE-2025-69873
Description
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.
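The point of the description is that a pattern taken from request data reaches RegExp() with no validation in between. As an added illustration (not ajv's code and not the upstream fix), this is one defensive shape for any code that must compile a pattern supplied as data: a conservative pre-check that rejects quantified groups containing a quantifier or an alternation, plus a length cap, before the constructor is called. The function names, `MAX_PATTERN_LENGTH` and the 256-character limit are assumptions.

```javascript
// Added example, not code from ajv or from the upstream fix: guard a regex
// pattern that arrives as untrusted data (ajv's "pattern" with $data) before
// it reaches RegExp(). A conservative heuristic, not a proof of safety: reject
// any quantified group whose body holds a quantifier or a "|" (the shape of
// "^(a|a)*$" from the advisory) and cap the pattern length.
const MAX_PATTERN_LENGTH = 256; // assumed limit; tune per deployment

// True when a quantifier is applied to a group that itself contains a
// quantifier or an alternation, e.g. "(a|a)*", "(a+)+", "((a+))+".
function hasNestedQuantifier(pattern) {
  const open = []; // one {quantified, alternation} record per unclosed group
  let lastClosed = null, afterGroup = false; // last closed group; prev token was ")"
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "\\") {
      i++; // skip the escaped character
    } else if (c === "[") { // skip a character class; a leading "]" is literal
      i++;
      if (pattern[i] === "^") i++;
      if (pattern[i] === "]") i++;
      while (i < pattern.length && pattern[i] !== "]") i += pattern[i] === "\\" ? 2 : 1;
    } else if (c === "(") {
      open.push({ quantified: false, alternation: false });
    } else if (c === ")") {
      lastClosed = open.pop() || null;
      const parent = open[open.length - 1];
      if (lastClosed && parent) { // fold flags into the enclosing group
        parent.quantified = parent.quantified || lastClosed.quantified;
        parent.alternation = parent.alternation || lastClosed.alternation;
      }
      afterGroup = true;
      continue;
    } else if (c === "|") {
      if (open.length) open[open.length - 1].alternation = true;
    } else if (c === "*" || c === "+" || c === "{") {
      if (afterGroup && lastClosed && (lastClosed.quantified || lastClosed.alternation)) return true;
      if (open.length) open[open.length - 1].quantified = true;
    }
    afterGroup = false;
  }
  return false;
}

// Validate first; construct the RegExp only if the pattern passes.
function compileUntrustedPattern(pattern) {
  if (typeof pattern !== "string") throw new TypeError("pattern must be a string");
  if (pattern.length > MAX_PATTERN_LENGTH) throw new RangeError("pattern too long");
  if (hasNestedQuantifier(pattern)) throw new RangeError("pattern rejected: nested quantifier");
  return new RegExp(pattern); // may still throw SyntaxError on malformed input
}
```

Upgrading to 8.18.0 (or 6.14.0 on the 6.x line) is the fix for the advisory itself; a pre-check like this is defense in depth for code that compiles user-supplied patterns and will also reject some patterns that are in fact safe.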
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ajv (npm) | >= 7.0.0-alpha.0, < 8.18.0 | 8.18.0 |
| ajv (npm) | < 6.14.0 | 6.14.0 |
References
- github.com/advisories/GHSA-2g4f-4pwh-qvx6 (advisory, listed by nvd)
- nvd.nist.gov/vuln/detail/CVE-2025-69873 (advisory, listed by ghsa)
- github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md (web, listed by nvd)
- github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5 (web, listed by ghsa)
- github.com/ajv-validator/ajv/pull/2586 (web, listed by ghsa)
- github.com/ajv-validator/ajv/pull/2588 (web, listed by nvd)
- github.com/ajv-validator/ajv/pull/2590 (web, listed by nvd)
- github.com/ajv-validator/ajv/releases/tag/v6.14.0 (web, listed by nvd)
- github.com/ajv-validator/ajv/releases/tag/v8.18.0 (web, listed by ghsa)
- github.com/github/advisory-database/pull/6991 (web, listed by nvd)