CVE-2025-27789
CVSS 3.1 Score 6.2 of 10 (medium)
Details
Summary
CVE-2025-27789 is a vulnerability affecting Babel, a JavaScript compiler, prior to versions 7.26.10 and 8.0.0-alpha.17. When Babel compiles regular expression named capturing groups, it generates a polyfill for the `.replace` method that has quadratic complexity on specific replacement pattern strings. The vulnerability is triggered when untrusted strings are used as the second argument to `.replace`. Upgrading `@babel/helpers` and `@babel/runtime` to version 7.26.10 or 8.0.0-alpha.17, or upgrading `@babel/core` to version 7.26.10, resolves the issue. The code must also be re-compiled for the fix to take effect. No known workarounds are currently available.
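One way to act on the version guidance above is to scan a lockfile for `@babel/helpers` and `@babel/runtime` entries below the fixed releases on each release line. This is an added example, not code from Babel or from this advisory; it assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), and `findAffected`, `SAMPLE_LOCK` and the package paths in it are constructed for illustration.

```javascript
// Fixed releases named in the advisory, one per release line.
const FIXED = { 7: "7.26.10", 8: "8.0.0-alpha.17" };
const RUNTIME_PACKAGES = ["@babel/helpers", "@babel/runtime"];
// Split "x.y.z" or "x.y.z-pre.n" into numeric core and prerelease identifiers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : null };
}

// Semver precedence: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  // A release outranks any prerelease of the same core version.
  if (!x.pre || !y.pre) return (x.pre ? -1 : 0) + (y.pre ? 1 : 0);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return +p - +q;        // "16" vs "17" compares as numbers
    if (pn !== qn) return pn ? -1 : 1;   // numeric identifiers sort first
    return p < q ? -1 : 1;
  }
  return 0;
}

// Scan the "packages" map of a package-lock.json, including nested copies.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!RUNTIME_PACKAGES.includes(name) || !meta.version) continue;
    const fixed = parseVersion(meta.version).nums[0] >= 8 ? FIXED[8] : FIXED[7];
    if (compareVersions(meta.version, fixed) < 0) hits.push({ path, version: meta.version, fixed });
  }
  return hits;
}

// Constructed lockfile excerpt (not from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@babel/runtime": { version: "7.26.9" },
  "node_modules/@babel/helpers": { version: "7.26.10" },
  "node_modules/legacy-lib/node_modules/@babel/runtime": { version: "7.12.5" },
  "node_modules/next-tool/node_modules/@babel/helpers": { version: "8.0.0-alpha.16" },
  "node_modules/next-tool/node_modules/@babel/runtime": { version: "8.0.0-alpha.17" },
} };
```

Calling `findAffected(SAMPLE_LOCK)` returns the three entries below the fixed releases. A clean result only covers installed package versions; as the summary states, previously compiled output still has to be re-compiled.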