CVE-2025-57810

HIGH EPSS 46.9%
Published Aug 26, 2025 (10mo ago) · Modified Jun 17, 2026 (1w ago)
8.7 CVSS 4.0
High

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

CVSS Details

Base Score
8.7
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
46.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-20 Improper Input Validation
CWE-770

Affected Products 1

Vendor   Product   Version   Range
parall   jspdf     *         <3.0.2

References 4

  • github.com https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9
    Patch
  • github.com https://github.com/parallax/jsPDF/pull/3880
    Issue Tracking
  • github.com https://github.com/parallax/jsPDF/releases/tag/v3.0.2
    Release Notes
  • github.com https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9
    Patch