
CVE-2025-57323: mpregular vulnerable to prototype pollution

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.11748%
Published: 9/24/2025
Updated: 9/25/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
mpregular | npm | <= 0.2.0 | (not listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability lies in the 'mpregular' package, version 0.2.0 and earlier. The core of the issue is in the 'mp.addEventHandler' function, which does not properly sanitize the 'type' argument. An attacker can craft a malicious template that, when parsed by the 'Component.prototype.$init' function, causes 'addEventHandler' to be called with 'type' as '__proto__'. This leads to an attempt to call the 'push' method on 'Object.prototype', resulting in a denial of service. The advisory also mentions prototype pollution as a consequence, which is a plausible scenario in some JavaScript engines, although my analysis primarily confirms the DoS vector. The identified functions, 'addEventHandler' and 'Component.prototype.$init', are the key components in the execution flow of this vulnerability.

Vulnerable functions

addEventHandler (mpregular.js)
When the 'type' argument is '__proto__', the function attempts to access 'self._handles["__proto__"]', which resolves to 'Object.prototype'. The subsequent call to 'event.push()' results in a denial of service because 'Object.prototype' does not have a 'push' method. The advisory also claims this can lead to prototype pollution.

Component.prototype.$init (mpregular.js)
This function is the entry point for the vulnerability when a malicious template is used. It parses the template, which can result in an 'events' object with a '__proto__' key. It then iterates over this object and calls 'addEventHandler' with the malicious key, triggering the vulnerability.
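An added illustration of the pattern the two entries above describe; this is not mpregular's source. The handler map is a plain object literal, the function names are hypothetical stand-ins for mp.addEventHandler and the $init event loop, and the sample event map is constructed to mimic a parsed template carrying a '__proto__' key.

```javascript
// Added illustration, not mpregular's own source. Function names are hypothetical
// stand-ins for mp.addEventHandler and the Component.prototype.$init event loop.

// Vulnerable pattern: `_handles` is a plain object, so looking up the key
// "__proto__" returns Object.prototype instead of a handler array.
function addEventHandlerUnsafe(self, type, handler) {
  self._handles = self._handles || {};
  let event = self._handles[type];
  if (!event) {
    event = self._handles[type] = [];
  }
  event.push(handler); // TypeError when `event` is Object.prototype (no push method)
}

// Hardened pattern: reserved names are rejected up front, the map has a null
// prototype (no inherited keys), and only own properties count as handler lists.
const RESERVED_EVENT_NAMES = new Set(['__proto__', 'constructor', 'prototype']);
function addEventHandlerSafe(self, type, handler) {
  if (typeof type !== 'string' || RESERVED_EVENT_NAMES.has(type)) {
    throw new RangeError('reserved event name rejected: ' + type);
  }
  if (!self._handles) self._handles = Object.create(null);
  if (!Object.prototype.hasOwnProperty.call(self._handles, type)) {
    self._handles[type] = [];
  }
  self._handles[type].push(handler);
}

// Stand-in for the $init loop: walk a parsed `events` object and register each key.
// JSON.parse creates an *own* "__proto__" property, so Object.keys() does list it.
// Returns the outcome and which event names made it into the handler map.
function registerParsedEvents(addFn, events) {
  const component = {};
  try {
    for (const name of Object.keys(events)) addFn(component, name, () => {});
  } catch (err) {
    return { status: err.name, registered: Object.keys(component._handles || {}) };
  }
  return { status: 'ok', registered: Object.keys(component._handles) };
}

// Constructed sample standing in for the event map parsed from a hostile template.
const SAMPLE_EVENTS = JSON.parse('{"click": "onClick", "__proto__": "x"}');

// After-the-fact check: Object.prototype gained no 'push' and no own keys.
function prototypeIsClean() {
  return typeof ({}).push === 'undefined' && Object.keys(Object.prototype).length === 0;
}
```

With the unsafe variant the second key aborts registration with a TypeError, which is the denial-of-service path the analysis confirms; the hardened variant refuses the reserved name before any prototype lookup can happen.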

WAF Protection Rules

WAF Rule

mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object
