CVE-2025-13466 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-13466 PUBLISHED CVSS 5.5 MEDIUM

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.

EPSS 0.02% · 5.3th percentile

Risk Scores

CVSS v4.0

5.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:P/AU:Y

EPSS Score

0.02%

5.3th percentile

Affected Products

Vendor	Product	Versions
body-parser	body-parser	2.2.0
npm	body-parser	2.2.0

Timeline

Nov 20, 2025 CVE ID Reserved
Nov 24, 2025 Coalition ESS Score
Nov 24, 2025 CVE Published
Nov 24, 2025 PoC Published
Nov 24, 2025 PoC Published
Nov 24, 2025 CVE Updated
Nov 25, 2025 EPSS Score
Nov 29, 2025 EPSS Score
Dec 1, 2025 Coalition ESS Score
Dec 3, 2025 EPSS Score
Dec 7, 2025 EPSS Score
Dec 12, 2025 EPSS Score

References

Open in Interactive Console →