Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.06%
17.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| npm | typeorm | 0 |
Timeline
- Oct 29, 2025 CVE Published
- Oct 29, 2025 Coalition ESS Score
- Oct 30, 2025 EPSS Score
- Oct 30, 2025 Coalition ESS Score
- Oct 30, 2025 CVE Updated
- Oct 31, 2025 Coalition ESS Score
- Nov 2, 2025 Coalition ESS Score
- Nov 3, 2025 Coalition ESS Score
- Nov 4, 2025 EPSS Score
- Nov 4, 2025 Coalition ESS Score
- Nov 5, 2025 Coalition ESS Score
- Nov 9, 2025 EPSS Score
References
- https://github.com/typeorm/typeorm/releases?q=security&expanded=true url
- https://github.com/typeorm/typeorm/pull/11574 url
- https://github.com/typeorm/typeorm/releases/tag/0.3.26 url
- https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-60542 advisory
- https://github.com/typeorm/typeorm/commit/d57fe3bd8578b0b8f9847647fd046bccf825a7ef url
- https://github.com/mysqljs/sqlstring/blob/cd528556b4b6bcf300c3db515026935dedf7cfa1/lib/SqlString.js#L54 url
- https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/base/connection.js#L524 url
- https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/connection_config.js#L124 url
- https://github.com/typeorm/typeorm/blob/0.3.25/src/driver/mysql/MysqlConnectionOptions.ts url
- http://github.com/typeorm/typeorm package