CNNVD-202507-1529 Information

CNNVD ID

CNNVD-202507-1529

CVE-2025-53626

  • CNNVD Published: 2025-07-10

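Description (translated from Chinese)

PDFME is an open-source PDF generation library from pdfme, built with TypeScript and React. PDFME versions 5.2.0 through 5.4.0 contain a security vulnerability that stems from the expression evaluation feature, which may lead to a sandbox escape, resulting in cross-site scripting and prototype pollution attacks.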

Description (English)

PDFME is an open-source PDF generation library built with TypeScript and React. Versions 5.2.0 to 5.4.0 contain a security vulnerability in the expression evaluation feature that could lead to a sandbox escape, enabling cross-site scripting and prototype pollution attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

PDFsam

Published

2025-07-10

Last Modified

2026-02-24

References

  • https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85
  • https://github.com/pdfme/pdfme/security/advisories/GHSA-54xv-94qv-2gfg
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53626
  • https://access.redhat.com/security/cve/cve-2025-53626

Patch

https://github.com/pdfme/pdfme/releases
