CVE-2025-65026 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-65026 PUBLISHED CVSS 6.099999904632568 MEDIUM

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

EPSS 0.03% · 8.3th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.03%

8.3th percentile

Affected Products

Vendor	Product	Versions
github.com	esm-dev/esm.sh	0
esm	esm.sh	0
esm-dev	esm.sh	*

Timeline

Nov 19, 2025 CVE Published
Nov 20, 2025 EPSS Score
Nov 24, 2025 EPSS Score
Nov 27, 2025 CVE Updated
Nov 29, 2025 EPSS Score
Dec 3, 2025 EPSS Score
Dec 7, 2025 EPSS Score
Dec 12, 2025 EPSS Score
Dec 16, 2025 EPSS Score
Dec 20, 2025 EPSS Score
Dec 24, 2025 EPSS Score
Dec 29, 2025 EPSS Score

References

Open in Interactive Console →