CVE-2025-9308
Vulnerability
CVE-2025-9308
yarn: yarnpkg regular expression denial of service
ecosystem: redhat:8
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. It affects the function setOptions in the file src/util/request-manager.js. Manipulation of the values passed to that function leads to inefficient regular expression complexity (regular expression denial of service, ReDoS): a crafted input makes a regular expression backtrack excessively and ties up the process. Local access is required to mount this attack. This vulnerability only affects products that are no longer supported by the maintainer.
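The advisory names the weakness class but not the mechanism. The following is an added example, not code from Yarn, the referenced PR or Red Hat: it uses a textbook nested-quantifier pattern (/^(a+)+$/) to show why such an expression costs exponential time on a non-matching input, a crude source-level lint for that pattern shape, and the input-length guard one applies when the expression cannot be rewritten. The pattern and the inputs are constructed for the demonstration; the actual expression in src/util/request-manager.js is not reproduced here.

```javascript
// Added example (not Yarn's code). VULNERABLE is a textbook ReDoS pattern
// chosen for illustration; it is NOT the expression from request-manager.js.

// (a+)+ anchored with $: on "aaa...a!" the match fails at "!" and the engine
// then retries every way of partitioning the run of a's: about 2^n attempts.
const VULNERABLE = /^(a+)+$/;
// Same language, a single quantifier: one left-to-right pass, linear in n.
const SAFE = /^a+$/;

// Monotonic clock where available, Date.now() fallback (older Node).
const now = () => (typeof performance !== 'undefined' ? performance.now() : Date.now());

// Run re.test and report wall-clock time so the growth in n can be observed.
function timeMatch(re, input) {
  const t0 = now();
  const matched = re.test(input);
  return { matched, ms: now() - t0 };
}

// Crude static check for the commonest ReDoS shape: a quantified group whose
// body is itself quantified, e.g. (a+)+, (\w*)*, (\d+){2,}. It only inspects
// the regex source and has false positives and negatives; treat it as a lint
// hint to review, not as proof of safety or vulnerability.
function hasNestedQuantifier(re) {
  const src = typeof re === 'string' ? re : re.source;
  return /\((?:[^()\\+*]|\\.)*[+*](?:[^()\\]|\\.)*\)[+*{]/.test(src);
}

// Mitigation when the pattern cannot be rewritten: bound the input before the
// regex sees it. Exponential cost in n is harmless once n is capped.
const MAX_INPUT_LEN = 1024; // assumed limit for this example
function guardedTest(re, input, maxLen = MAX_INPUT_LEN) {
  if (typeof input !== 'string') throw new TypeError('input must be a string');
  if (input.length > maxLen) return { matched: false, rejected: true };
  return { matched: re.test(input), rejected: false };
}

function demo() {
  for (const n of [10, 16, 20]) {
    const evil = 'a'.repeat(n) + '!'; // constructed input: can never match
    const v = timeMatch(VULNERABLE, evil);
    const s = timeMatch(SAFE, evil);
    console.log(`n=${n}  vulnerable ${v.ms.toFixed(2)} ms  safe ${s.ms.toFixed(3)} ms`);
  }
  console.log('nested quantifier in VULNERABLE:', hasNestedQuantifier(VULNERABLE));
  console.log('nested quantifier in SAFE:', hasNestedQuantifier(SAFE));
  console.log('guarded 5000-char input:', guardedTest(VULNERABLE, 'a'.repeat(5000) + '!'));
}

if (typeof require !== 'undefined' && require.main === module) demo();
```

Running the block prints the timing for n = 10, 16 and 20; the vulnerable pattern's cost roughly doubles per extra character while the safe pattern stays flat. Do not raise n much past 24 when experimenting, since the run time quickly reaches seconds. The guard is the same idea as the CVSS vector above: the impact is availability only, and it exists only because attacker-controlled input length is unbounded.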
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-9308
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2390129
- secalert@redhat.com: https://github.com/yarnpkg/yarn/pull/9203
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-9308
- secalert@redhat.com: https://vuldb.com/?ctiid.320913
- secalert@redhat.com: https://vuldb.com/?id.320913
- secalert@redhat.com: https://vuldb.com/?submit.633486
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-9308
severity: Low
type: vendor
source: secalert@redhat.com
CVSS 3.1
3.3 LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metric | Value
---|---
AV (Attack Vector) | Local
AC (Attack Complexity) | Low
PR (Privileges Required) | Low
UI (User Interaction) | None
S (Scope) | Unchanged
C (Confidentiality) | None
I (Integrity) | None
A (Availability) | Low
source: secalert@redhat.com
CWE
CWE-400 Uncontrolled Resource Consumption
source: secalert@redhat.com
published: 2025-08-21 16:02:12
modified: 2025-08-23 16:16:32
Detection
redhat:8
OR
status: unfixed (Fix deferred)
grafana
package type: source
type: version
tag: rhel-8-including-unpatched:0e04bc73-f78d-8230-a264-85acea86d3a2
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex