{"api_version":"1","generated_at":"2026-07-07T20:21:08+00:00","cve":"CVE-2025-61140","urls":{"html":"https://cve.report/CVE-2025-61140","api":"https://cve.report/api/cve/CVE-2025-61140.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-61140","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-61140"},"summary":{"title":"CVE-2025-61140","description":"The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.","state":"PUBLISHED","assigner":"mitre","published_at":"2026-01-28 16:16:13","updated_at":"2026-06-30 03:16:54"},"problem_types":["CWE-1321","CWE-502","n/a","CWE-1321 CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","CWE-502 Deserialization of Untrusted Data"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"ADP","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:3960","name":"https://access.redhat.com/errata/RHSA-2026:3960","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3962","name":"https://access.redhat.com/errata/RHSA-2026:3962","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:6802","name":"https://access.redhat.com/errata/RHSA-2026:6802","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:2181","name":"https://access.redhat.com/errata/RHSA-2026:2181","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:6174","name":"https://access.redhat.com/errata/RHSA-2026:6174","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61140.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61140.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/dchester/jsonpath","name":"https://github.com/dchester/jsonpath","refsource":"cve@mitre.org","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:2180","name":"https://access.redhat.com/errata/RHSA-2026:2180","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d","name":"https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d","refsource":"cve@mitre.org","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-61140","name":"https://access.redhat.com/security/cve/CVE-2025-61140","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433946","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2433946","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-61140","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61140","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.1","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Self-service automation portal 2.0","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Migration Toolkit for Virtualization","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"OpenShift Pipelines","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Fuse 7","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Quay 3","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-01-28T17:00:46.678Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-01-28T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:2181: Red Hat Ansible Automation Platform 2.1","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:3962: Red Hat Ansible Automation Platform 2.5","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:6174: Red Hat Developer Hub 1.8","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:6802: Red Hat Developer Hub 1.9","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:2180: Self-service automation portal 2.0","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"61140","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dchester","cpe5":"jsonpath","cpe6":"1.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"61140","cve":"CVE-2025-61140","epss":"0.003990000","percentile":"0.318850000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-61140","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-01-29T15:14:47.234312Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1321","description":"CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-01-29T15:16:15.666Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:ansible_portal:2.1"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"defaultStatus":"affected","product":"Red Hat Developer Hub 1.9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_portal:2.0"],"defaultStatus":"affected","product":"Self-service automation portal 2.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"],"defaultStatus":"affected","product":"Migration Toolkit for Virtualization","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"unaffected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3"],"defaultStatus":"unaffected","product":"Red Hat Quay 3","vendor":"Red Hat"}],"datePublic":"2026-01-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS)."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:46:15.450Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-61140"},{"name":"RHBZ#2433946","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433946"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61140.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:2181"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6174"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6802"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:2180"}],"solutions":[{"lang":"en","value":"RHSA-2026:2181: Red Hat Ansible Automation Platform 2.1"},{"lang":"en","value":"RHSA-2026:3962: Red Hat Ansible Automation Platform 2.5"},{"lang":"en","value":"RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6"},{"lang":"en","value":"RHSA-2026:6174: Red Hat Developer Hub 1.8"},{"lang":"en","value":"RHSA-2026:6802: Red Hat Developer Hub 1.9"},{"lang":"en","value":"RHSA-2026:2180: Self-service automation portal 2.0"}],"timeline":[{"lang":"en","time":"2026-01-28T17:00:46.678Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-01-28T00:00:00.000Z","value":"Made public."}],"title":"jsonpath: jsonpath: Prototype Pollution vulnerability in the value function","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-01-28T15:55:42.516Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://github.com/dchester/jsonpath"},{"url":"https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2025-61140","datePublished":"2026-01-28T00:00:00.000Z","dateReserved":"2025-09-26T00:00:00.000Z","dateUpdated":"2026-06-30T02:46:15.450Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-28 16:16:13","lastModifiedDate":"2026-06-30 03:16:54","problem_types":["CWE-1321","CWE-502","n/a","CWE-1321 CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","CWE-502 Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-29T15:14:47.234312Z","id":"CVE-2025-61140","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dchester:jsonpath:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D5AD03C5-77EE-43F4-8F1E-1AB0757FE7C1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"61140","Ordinal":"1","Title":"CVE-2025-61140","CVE":"CVE-2025-61140","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"61140","Ordinal":"1","NoteData":"The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.","Type":"Description","Title":"CVE-2025-61140"}]}}}