CVE-2025-1302

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 15, 2025
CWE ID 94

Summary

CVE-2025-1302: Versions of the jsonpath-plus package prior to 10.3.0 contain a Remote Code Execution (RCE) vulnerability due to insufficient input sanitization. An attacker can exploit the unsafe default usage of 'eval=safe' mode to execute arbitrary code on the affected system. This issue stems from an incomplete fix for CVE-2024-21534. Organizations using jsonpath-plus are advised to upgrade immediately to mitigate the risk.
