CVE-2025-13465
Description
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.025
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 9.0.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 9.5.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 9.5.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 13.0.6.1 | Windows |
| Vulnerabilities CVE-2025-13465,CVE-2026-25639 are affected in IBM App Connect Enterprise 12.0.12.23 | Windows |
| Vulnerabilities CVE-2025-13465,CVE-2026-25639,CVE-2026-25896,CVE-2026-26278 are affected in IBM App Connect Enterprise 12.0.12.23 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.12.23 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Faspex 5.0.15 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234