
CVE-2025-45143: n/a

Severity: High
Vulnerability: CVE-2025-45143
Published: Mon Jun 30 2025 (06/30/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 17:25:04 UTC

Technical Analysis

CVE-2025-45143 is a vulnerability in the string-math library version 1.2.2, classified as a Regular Expression Denial of Service (ReDoS) attack vector. ReDoS vulnerabilities exploit the fact that certain regular expressions backtrack excessively on crafted inputs, consuming large amounts of CPU time and potentially disrupting service. In this case, a specific regular expression used within string-math can, when fed with maliciously crafted input, drive the processing thread into a state of high computational load, effectively denying service to legitimate users. Exploitation requires no authentication or user interaction beyond sending the crafted input to the affected system. No CVSS score has been assigned yet, but ReDoS attacks typically allow remote denial of service with relatively low effort. The only affected version named in the record is string-math v1.2.2; no other versions are specified. There are no known exploits in the wild at the time of publication, and no patches or mitigations have been officially released. The vulnerability was reserved in April 2025 and published in June 2025, indicating recent discovery. The lack of a detailed CWE classification and of patch information suggests that the vulnerability is newly disclosed and may require further analysis by maintainers and users of the string-math library.

Potential Impact

For European organizations, the impact of CVE-2025-45143 depends largely on the extent to which string-math v1.2.2 is integrated into their software stacks, particularly in web applications, APIs, or backend services that process user input involving mathematical expressions or string parsing. Successful exploitation can lead to denial of service conditions, causing application downtime, degraded performance, and potential disruption of business-critical services. This can affect customer experience, lead to financial losses, and damage organizational reputation. Sectors such as finance, telecommunications, and e-commerce, which often rely on complex input processing and real-time data handling, may be particularly vulnerable. Additionally, denial of service attacks can be leveraged as part of multi-vector attacks or to distract security teams from other malicious activities. Given the absence of known exploits, the immediate risk is moderate, but the potential for exploitation remains significant if attackers develop reliable attack vectors.

Mitigation Recommendations

European organizations should proactively audit their software dependencies to identify usage of string-math v1.2.2. Where found, immediate mitigation steps include:

1) Apply any patches or updates from the library maintainers once released.
2) If patches are not yet available, consider temporarily replacing or disabling the vulnerable functionality, or implement input validation and sanitization to reject suspiciously complex or malformed inputs that could trigger the ReDoS.
3) Employ runtime protections such as rate limiting, timeouts, and resource usage monitoring on services that use string-math, to detect and mitigate potential abuse.
4) Deploy Web Application Firewalls (WAFs) with custom rules to block or throttle requests exhibiting patterns consistent with ReDoS attempts.
5) Engage in threat intelligence sharing within industry groups to stay informed about emerging exploits and mitigation strategies.
6) Test applications thoroughly to identify any performance degradation linked to regex processing, and adjust regex patterns where possible to be more efficient.
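Steps 2 and 3 above (input validation and a runtime budget) can be implemented generically in front of any string-expression evaluator, without knowing the affected regular expression. The following is an added example written for this page; it is not code from the CVE record or from the string-math project. It assumes a Node.js service that receives arithmetic expression strings from users and hands them to an evaluator (represented here by a stub). The limits (`maxLength`, `maxDepth`, `maxOperatorRun`, `budgetMs`) are assumed defaults, not values from the record.

```javascript
'use strict';
// Added example: a linear-time pre-validator for arithmetic expression
// strings plus a wall-clock budget check around the evaluator call.
// The vulnerable pattern in string-math v1.2.2 is not published in the
// record, so the guard is generic: it bounds length, character set,
// parenthesis depth and operator runs before any library regex runs,
// and flags slow evaluations so they can be alerted on and rate-limited.

const DEFAULTS = {
  maxLength: 256,      // hard cap on expression length (assumed value)
  maxDepth: 16,        // maximum parenthesis nesting (assumed value)
  maxOperatorRun: 2,   // allow "2*-3" but reject "2***3" style runs
  budgetMs: 50,        // wall-clock budget per evaluation (assumed value)
};

// Only characters an arithmetic expression needs. An anchored character
// class with a single quantifier matches in one pass with no backtracking.
const ALLOWED = /^[0-9+\-*/%^().\s]*$/;
const OPERATOR = /[+\-*/%^]/;

// Returns {ok: true} or {ok: false, reason}. Every check is O(n).
function checkExpression(input, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  if (typeof input !== 'string') return { ok: false, reason: 'not_a_string' };
  if (input.length > opts.maxLength) return { ok: false, reason: 'too_long' };
  if (!ALLOWED.test(input)) return { ok: false, reason: 'bad_character' };

  let depth = 0;   // current parenthesis nesting
  let run = 0;     // length of the current run of consecutive operators
  for (const ch of input) {
    if (ch === '(') {
      depth += 1;
      if (depth > opts.maxDepth) return { ok: false, reason: 'too_deep' };
    } else if (ch === ')') {
      depth -= 1;
      if (depth < 0) return { ok: false, reason: 'unbalanced' };
    }
    if (OPERATOR.test(ch)) {
      run += 1;
      if (run > opts.maxOperatorRun) return { ok: false, reason: 'operator_run' };
    } else if (!/\s/.test(ch)) {
      run = 0; // whitespace does not break an operator run, anything else does
    }
  }
  if (depth !== 0) return { ok: false, reason: 'unbalanced' };
  return { ok: true };
}

// Wraps any evaluator (for example a string-math call, not shown here) with
// the pre-check and a wall-clock measurement. Returns {status, value|reason, ms}.
// status is 'rejected' (failed pre-check), 'ok', or 'slow' (over budget).
function evaluateGuarded(evaluator, input, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  const check = checkExpression(input, opts);
  if (!check.ok) return { status: 'rejected', reason: check.reason, ms: 0 };

  const start = process.hrtime.bigint();
  const value = evaluator(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  // Over-budget evaluations are the signal to alert on and rate-limit.
  const status = ms > opts.budgetMs ? 'slow' : 'ok';
  return { status, value, ms };
}

// Stand-alone demo over constructed inputs with a stub evaluator that
// just returns the input length (a stand-in for the real library call).
const stubEvaluator = (s) => s.length;
const samples = ['2+3*(4-1)', '(((1))', '1+' + '+'.repeat(5), 'x'.repeat(10)];
for (const s of samples) {
  console.log(JSON.stringify(s), evaluateGuarded(stubEvaluator, s));
}
```

The pre-check rejects the classes of input most likely to drive a backtracking regex (very long strings, long operator runs, deep nesting) before the library's own pattern ever sees them, and the `slow` status gives the rate limiter and monitoring from step 3 a concrete signal to act on. The limits should be tuned to the longest legitimate expression the application actually accepts.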


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6862c4e76f40f0eb728c75e6

Added to database: 6/30/2025, 5:09:59 PM

Last enriched: 6/30/2025, 5:25:04 PM

Last updated: 7/9/2025, 8:33:31 PM
