CVE-2025-30358

Summary

CVE-2025-30358 is a class pollution vulnerability affecting Mesop, a Python-based UI framework used for building web applications. Prior to version 0.14.1, Mesop is susceptible to this issue, which allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability poses a threat of a denial-of-service (DoS) attack against servers. Moreover, given an application's implementation, it could potentially result in identity confusion, allowing attackers to impersonate assistants or system roles. In severe cases, this impersonation could enable jailbreak attacks while interacting with large language models. The vulnerability could also lead to manipulation of data-flow or control-flow at runtime, potentially resulting in remote code execution when gadgets are available. To mitigate this issue, users are advised to upgrade to Mesop version 0.14.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.