CVE-2025-46653 Information
Apr 27, 2025
cve
Description
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however hexoid is documented as not ## Reference https://github.com/node-formidable/formidable/blob/d0fbec13edc8add54a1afb9ce1a8d3db803f8d47/CHANGELOG.md?plain=1#L10 https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5 https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md
Related CNNVD
CNNVD-202510-4077 (Published: 2025-10-29)
Share on: