CNNVD-202510-1203 Information

Oct 08, 2025 cve

CNNVD ID

CNNVD-202510-1203

CVE-2025-61785

CNNVD Published: 2025-10-08

Description (Chinese)

Deno是Deno开源的一个简单、现代且安全的 JavaScript 和 TypeScript 运行环境。 Deno 2.5.3之前版本和2.2.15之前版本存在安全漏洞，该漏洞源于utime和utimeSync方法未受权限模型限制，可能导致绕过权限模型。

Description (English)

Deno is a simple, modern and safe JavaScript and TypeScript operating environment for Deno. There is a security loophole in the pre-Deno 2.5.3 and pre-2.2.15 versions, which stems from the fact that the utime and utimeSync methods are not subject to the permission model and may result in circumvention of the permission model.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Deno

Published

2025-10-08

Last Modified

2026-02-24

References

https://github.com/denoland/deno/commit/992e998dfe436cdc9325232759af8be92f11739b https://github.com/denoland/deno/pull/30872 https://github.com/denoland/deno/releases/tag/v2.2.15 https://github.com/denoland/deno/releases/tag/v2.5.3 https://github.com/denoland/deno/security/advisories/GHSA-vg2r-rmgp-cgqj https://access.redhat.com/security/cve/cve-2025-61785

Patch

https://deno.com/

Share on: