CVE-2025-1302 is a high-severity vulnerability in versions of the jsonpath-plus package prior to 10.3.0. It permits Remote Code Execution (RCE) through improper input sanitization: the package's unsafe default of eval='safe' mode lets an attacker execute arbitrary code on the host system. The potential for exploitation is high, and organizations should prioritize patching immediately to mitigate the risk.
The CVSS score for this vulnerability is 8.9, indicating a significant risk to organizations that use this package. The impact on confidentiality, integrity, and availability is rated high, making it imperative for organizations to address this vulnerability swiftly.
Known exploits are currently available for this vulnerability, underscoring the urgency of applying the patch or a mitigation as soon as possible.
Organizations can find more information on the vulnerability and its mitigation strategies through various resources.
The vulnerability was published on February 15, 2025, and is classified under CWE-94. An incomplete fix for a prior vulnerability, CVE-2024-21534, is noted as a contributing factor.
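Because the fix is a version boundary (10.3.0), the practical first step is finding every copy of jsonpath-plus below it in a dependency tree, including nested copies pulled in transitively. The following is an added example, not part of the advisory: it scans a package-lock.json (lockfileVersion 2 or 3) with a constructed sample lockfile embedded inline.

```javascript
// Added example (not from the advisory): flag jsonpath-plus installs older
// than the fixed release 10.3.0 in a package-lock.json (lockfileVersion 2/3).
const FIXED_VERSION = '10.3.0';

// Compare two semver strings numerically; returns -1, 0 or 1.
// A pre-release (e.g. 10.3.0-beta.1) sorts below the matching release.
function compareVersions(a, b) {
  const [coreA, preA] = a.split('-');
  const [coreB, preB] = b.split('-');
  const pa = coreA.split('.').map(Number);
  const pb = coreB.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (preA && !preB) return -1;
  if (!preA && preB) return 1;
  return 0;
}

// Walk the "packages" map and return every lock path whose jsonpath-plus
// version is below the fixed release, nested node_modules copies included.
function findVulnerable(lock, fixed = FIXED_VERSION) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/jsonpath-plus')) continue;
    if (typeof meta.version !== 'string') continue;
    if (compareVersions(meta.version, fixed) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one direct install on an old release and one
// nested copy pulled in by a dependency that is already on the fixed release.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/jsonpath-plus': { version: '10.2.0' },
    'node_modules/some-dep': { version: '2.0.0' },
    'node_modules/some-dep/node_modules/jsonpath-plus': { version: '10.3.0' },
  },
};

for (const hit of findVulnerable(SAMPLE_LOCK)) {
  console.log(`${hit.path}: ${hit.version} is below ${FIXED_VERSION}, upgrade`);
}
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of that project's package-lock.json.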
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
