CVE-2026-25204

HIGH EPSS 21.8%

Published Apr 13, 20262mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Apr 13, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

21.8% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 2

CWE-502 Deserialization of Untrusted Data Validation

CWE-843

Affected Products 1

Vendor	Product	Version	Range
samsung	escargot	*	<2026-03-28

References 1

github.com https://github.com/Samsung/escargot/pull/1554

Issue TrackingPatch

Remediation

github.com https://github.com/Samsung/escargot/pull/1554

Issue TrackingPatch