PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-61140 Dchester CVE debrief

CVE-2025-61140 is a critical vulnerability in the jsonpath library, version 1.1.1, caused by a Prototype Pollution issue in the value function in lib/index.js. It has been assigned a CVSS score of 9.8 (CRITICAL). The CVE was published on January 28, 2026, and last modified on June 30, 2026. The affected product is jsonpath from Dchester. Limited information is available on the exact impact and affected scope beyond the Prototype Pollution classification.

Vendor: Dchester
Product: jsonpath
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-28
Original CVE updated: 2026-06-30
Advisory published: 2026-01-28
Advisory updated: 2026-06-30

Who should care

Organizations using the jsonpath library, version 1.1.1, should be aware of this vulnerability and take necessary steps to mitigate it. This includes reviewing their inventory of affected products and applying patches or workarounds as available. Additionally, defenders should monitor for potential exploitation attempts and have incident response plans in place.

Technical summary

The jsonpath library, version 1.1.1, is vulnerable to Prototype Pollution due to an issue in the value function in lib/index.js. Prototype Pollution lets an attacker who controls the input write properties onto a shared prototype such as Object.prototype, so that the injected properties appear on every object in the process; depending on how the application later reads those objects, this can alter data handling or control flow elsewhere in the program. The vulnerability has a CVSS score of 9.8 and is rated CRITICAL. It is classified under CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, i.e. Prototype Pollution) and CWE-502 (Deserialization of Untrusted Data).

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it has a high CVSS score and is considered CRITICAL. Defenders should review their inventory of affected products and apply patches or workarounds as available.

Recommended defensive actions

  • Review your dependency inventory for applications that use jsonpath 1.1.1, including transitive dependencies
  • Apply patches or workarounds as available
  • Monitor for potential exploitation attempts
  • Have incident response plans in place
  • Consider compensating controls, such as input validation and sanitization

Evidence notes

This debrief of CVE-2025-61140 is based on information from the NVD and CVE.org. The vulnerability is a Prototype Pollution issue in the jsonpath library, version 1.1.1. Limited information is available on the exact impact and affected scope. The CVE was published on January 28, 2026, and last modified on June 30, 2026.

Official resources

This article is AI-assisted and based on the supplied source corpus.