VDB
CVE-2025-3982
CVE-2025-3982
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS 0.49% · 65.6th percentile
Risk Scores
CVSS v4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.49%
65.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nortikin | Sverchok | 1.3.0 |
| nortikin | sverchok | 1.3.0 |
Timeline
- Apr 27, 2025 CVE Published
- Apr 27, 2025 PoC Published
- Apr 27, 2025 PoC Published
- Apr 28, 2025 EPSS Score
- May 10, 2025 EPSS Score
- May 22, 2025 EPSS Score
- Jun 1, 2025 Coalition ESS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
References
- VDB-306318 | nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution vdb
- VDB-306318 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #557411 | Sverchok Sverchok blender plugin 1.3.0 Improperly Controlled Modification of Object Prototype Attribute third-party-advisory
- https://gist.github.com/superboy-zjc/a31b8ea7466f91b437598297bf5cbce8 exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-3982 advisory