VDB
DEBIAN-CVE-2025-7783
DEBIAN-CVE-2025-7783
PUBLISHED
CVSS 9.399999618530273 CRITICAL
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Risk Scores
CVSS 4.0
9.399999618530273
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | node-form-data | 0, 0 |
| Debian:13 | node-form-data | 0, 0 |
| Debian:11 | node-form-data | 0, 0, 3.0.0-2 |
| Debian:12 | node-form-data | 0, 4.0.0-1, 4.0.0-1 |
Exploit Intelligence
- POC of CVE-2025-7783 (github-poc)
- integ.minimal-options.ts (github-poc)
- integ.scan-logs-output-s3-sbom.ts (github-poc)
- integ.image-scanner-with-trivy.ts (github-poc)
- integ.all-options.ts (github-poc)
- integ.scan-logs-output-cw.ts (github-poc)
- integ.scan-logs-output-s3.ts (github-poc)
Timeline
- Jul 18, 2025 CVE Published
- Apr 28, 2026 CVE Updated