DevGuard Logo

/🛡️ DevGuard
Group
/👩‍💻 DevGuard Web
Repository

Overview
Compliance
Code Risks
Dependency Risks
Dependencies

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.

Fixed
LOW (1.8)
  • T

    Tim Bastin detected CVE-2025-5889 with a risk of 0.36

    main
  • logo

    System detected CVE-2025-5889 with scanner: container-scanning

    main
  • T

    Tim Bastin fixed CVE-2025-5889

    main
  • logo

    System updated the risk assessment from 0.36 to 1.45

    main

    System recalculated raw risk assessment

  • S

    Sebastian Kawelke updated the risk assessment from 1.45 to 1.75

    main

    Confidentiality Requirement updated: medium -> high, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

Reopen this vulnerability

You can reopen this vuln, if you plan to mitigate the risk now, or accepted this vuln by accident.

Last calculated at:

Affected component

Logo von npm brace-expansion

Installed version:
2.0.1
Fixed in:
2.0.2
Show in dependency graph

Quick Fix

Update all Dependencies
Update only brace-expansion

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 71cda54d19c6900d5d185b8bc7c11608a8a65bac