CVE-2025-22150: Use of Insufficiently Random Values in undici

CVSS Score: 6.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.10323%
Published: 1/21/2025
Updated: 1/22/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| undici | npm | >= 4.5.0, < 5.28.5 | 5.28.5 |
| undici | npm | >= 6.0.0, < 6.21.1 | 6.21.1 |
| undici | npm | >= 7.0.0, < 7.2.3 | 7.2.3 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from insecure random number generation for multipart boundaries. The commit diff shows that the boundary generation in extractBody() originally used Math.random() (CWE-330). The line `const boundary = ...Math.random()...` in body.js was identified as vulnerable in multiple references (the HackerOne report and the NVD description). The patch replaces Math.random() with crypto.randomInt, confirming this was the vulnerable code path. Because the function generates security-sensitive boundaries and calls a non-cryptographic RNG directly, it is the clear vulnerability source.

WAF Protection Rules

WAF Rule

### Impact

[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/****************************************/lib/web/fetch/body.js#L***) to choose the boundary for a multipart/form-data request. It is known that the output of Math
