vulnerability
Red Hat: CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jul 15, 2022 | Jul 9, 2025 | Jul 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jul 15, 2022
Added
Jul 9, 2025
Modified
Jul 10, 2025
Description
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Solution
no-fix-redhat-rpm-package
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.