CVE-2025-53626: @pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.06597%
Published: 7/10/2025
Updated: 7/10/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: @pdfme/common
Ecosystem: npm
Vulnerable Versions: >= 5.2.0, < 5.4.1
First Patched Version: 5.4.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability exists in the expression evaluation functionality of the @pdfme/common package. The root cause is insufficient sandboxing and validation of user-provided expressions, which allows for sandbox escape leading to Cross-Site Scripting (XSS) and Prototype Pollution.

The analysis of the provided patch 0dd54739acff2c249ed68c001a896bee38f0fd85 reveals that the core of the vulnerability lies within the replacePlaceholders function and the AST evaluation functions it calls, namely evaluateAST and validateAST.

The patch introduces several security enhancements:

  1. Safe Object: It replaces the global Object with a safeObject that omits dangerous methods like getOwnPropertyDescriptor, getPrototypeOf, and defineProperty.
  2. Prototype Pollution Prevention: It explicitly blocks access to properties like __proto__, constructor, and methods like __defineGetter__, __lookupGetter__ within the validateAST and evaluateAST functions.
  3. Safe Object.assign: It introduces a safeAssign function to prevent prototype pollution when using Object.assign.

The replacePlaceholders function is the primary entry point for this vulnerability, as it orchestrates the parsing and evaluation of potentially malicious expressions. The evaluateAST and validateAST functions are the core components that failed to prevent the exploitation. Therefore, any runtime profile during an exploit would likely show these functions in the stack trace.
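To make the three guards concrete, here is an added example written for this page; it is not pdfme's code and does not reproduce the patch. It reimplements the guard logic as stand-alone functions over a small, hand-constructed ESTree-style AST, so the static check (validateAST), the runtime check (evaluateAST) and the prototype-safe copy (safeAssign) can each be exercised on their own. The BLOCKED_PROPS list, the safeObject allow-list, the evaluateExpression wrapper and the AST builder helpers at the end are assumptions of the example; only the function names validateAST, evaluateAST and safeAssign follow the analysis above.

```javascript
// Added example, not pdfme's code: the three guards named in the patch summary
// as stand-alone functions over a constructed ESTree-shaped AST (assumed names/lists).

// Property names that must never be reachable from a user-supplied expression:
// each is a path to the prototype chain or to getter/setter definition.
const BLOCKED_PROPS = new Set([
  '__proto__', 'constructor', 'prototype',
  '__defineGetter__', '__defineSetter__', '__lookupGetter__', '__lookupSetter__',
]);

// 1. Safe Object: an allow-list of side-effect-free helpers stands in for the global
//    Object; getOwnPropertyDescriptor, getPrototypeOf and defineProperty are absent.
const safeObject = Object.freeze({
  keys: Object.keys,
  values: Object.values,
  entries: Object.entries,
});

// 2a. validateAST: static pass. Returns null if the tree is acceptable,
//     otherwise a string naming the first rejected construct.
function validateAST(node) {
  if (node === null || typeof node !== 'object') return null;
  if (node.type === 'Identifier' && BLOCKED_PROPS.has(node.name)) {
    return `blocked identifier: ${node.name}`;
  }
  if (node.type === 'MemberExpression') {
    const prop = node.property;
    // Catch both obj.__proto__ (Identifier) and obj["__proto__"] (Literal).
    const name = node.computed
      ? (prop.type === 'Literal' ? String(prop.value) : null)
      : prop.name;
    if (name !== null && BLOCKED_PROPS.has(name)) return `blocked property: ${name}`;
  }
  for (const child of Object.values(node)) {   // recurse into child nodes/arrays
    const err = Array.isArray(child)
      ? child.map(validateAST).find(Boolean) || null
      : validateAST(child);
    if (err) return err;
  }
  return null;
}

// 2b. evaluateAST: runtime pass. Re-checks property names here too, because a
//     computed key such as obj[someVar] is only known at evaluation time.
function evaluateAST(node, scope) {
  switch (node.type) {
    case 'Literal': return node.value;
    case 'Identifier':
      if (node.name === 'Object') return safeObject;
      if (!Object.prototype.hasOwnProperty.call(scope, node.name)) throw new Error(`unknown identifier: ${node.name}`);
      return scope[node.name];
    case 'MemberExpression': {
      const obj = evaluateAST(node.object, scope);
      const key = node.computed ? evaluateAST(node.property, scope) : node.property.name;
      if (BLOCKED_PROPS.has(String(key))) throw new Error(`blocked property: ${key}`);
      if (obj === null || obj === undefined) throw new Error(`cannot read ${key} of ${obj}`);
      return obj[key];
    }
    case 'CallExpression': {
      // Keep the receiver so that data.name.toUpperCase() still binds `this`.
      const thisArg = node.callee.type === 'MemberExpression'
        ? evaluateAST(node.callee.object, scope) : undefined;
      const fn = evaluateAST(node.callee, scope);
      if (typeof fn !== 'function') throw new Error('callee is not a function');
      return fn.apply(thisArg, node.arguments.map((arg) => evaluateAST(arg, scope)));
    }
    default: throw new Error(`unsupported node type: ${node.type}`);
  }
}

// Entry point in the spirit of replacePlaceholders: validate, then evaluate.
function evaluateExpression(ast, scope) {
  const err = validateAST(ast);
  if (err) throw new Error(`rejected expression: ${err}`);
  return evaluateAST(ast, scope);
}

// 3. safeAssign: like Object.assign, but skips keys that would rewire the target's
//    prototype (Object.assign goes through the __proto__ setter) or shadow accessor methods.
function safeAssign(target, ...sources) {
  for (const source of sources) {
    if (source === null || source === undefined) continue;
    for (const key of Object.keys(source)) {
      if (BLOCKED_PROPS.has(key)) continue;
      target[key] = source[key];
    }
  }
  return target;
}

// Builders for the constructed ASTs used when exercising the guards.
const id = (name) => ({ type: 'Identifier', name });
const lit = (value) => ({ type: 'Literal', value });
const member = (object, property, computed = false) => ({ type: 'MemberExpression', object, property, computed });
const call = (callee, args) => ({ type: 'CallExpression', callee, arguments: args });
```

The two-layer design matters: the static pass rejects literal `__proto__` or `constructor` accesses before anything runs, but a computed key whose value only exists at runtime can only be caught inside evaluateAST, which is why both functions consult the same block-list. For safeAssign, the point is that a source object parsed from JSON can carry an own `__proto__` key; Object.assign copies it with an ordinary [[Set]], which invokes the inherited `__proto__` setter and replaces the target's prototype, whereas skipping the key leaves the prototype untouched.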

Vulnerable functions

replacePlaceholders (packages/common/src/expression.ts)
This function is the entry point for the expression evaluation feature. It takes a string containing placeholders and evaluates them. Before the patch, it was possible to craft a string that, when evaluated, would escape the sandbox and execute arbitrary JavaScript code or pollute the object prototype. The vulnerability is in the expression evaluation logic that `replacePlaceholders` invokes.

evaluateAST (packages/common/src/expression.ts)
This function is responsible for recursively evaluating the Abstract Syntax Tree (AST) of a given expression. The vulnerability lies in the fact that it did not properly sanitize or restrict access to dangerous properties and methods, allowing an attacker to access and manipulate the object prototype chain or execute arbitrary code.

validateAST (packages/common/src/expression.ts)
This function is supposed to validate the AST of an expression to prevent the use of dangerous constructs. Before the patch, its validation was incomplete, failing to block access to methods that could be used for prototype pollution. This allowed malicious expressions to proceed to the evaluation stage.

WAF Protection Rules

WAF Rule

## Summary

The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks.

## Details

### 1. Sandbox Escape Leading to XSS

The expression evaluator
