Unrated severityNVD Advisory· Published Aug 21, 2025· Updated Aug 21, 2025

yarnpkg Yarn request-manager.js setOptions redos

CVE-2025-9308

Description

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

yarnpkg/Yarnllm-create
Range: <=1.22.22
yarnpkg/Yarnv5
Range: 1.22.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.commitrethird-party-advisory
github.com/yarnpkg/yarn/pull/9203mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000