Vulnerability in Lockfile-lint-api
CVE-2025-4759
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an at…
EPSS: 0.002 (38.7th percentile).
CVSS v3 metric
CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:P.
Affected products
- N/a Lockfile-lint-api — versions 0
Weakness classification (CWE)
References
- security.snyk.io/vuln/SNYK-JS-LOCKFILELINTAPI-10169587
- gist.github.com/Xavier59/881aef04940970dc3e738dcbff64151f
- github.com/lirantal/lockfile-lint/blob/89b5cad028df4d77bab2b73ac93bc61e392668ab…
- github.com/lirantal/lockfile-lint/pull/204
- github.com/lirantal/lockfile-lint/commit/9e5305bd3e4f0c6acc0d23ec43eac2bd5303b4…
Frequently asked questions
- What is CVE-2025-4759?
- CVE-2025-4759 is a high-severity vulnerability in Lockfile-lint-api, classified under CWE-179. CVSS score: 8.3/10. Published 2025-05-16.
- How severe is CVE-2025-4759?
- High severity. CVSS v3 base score is 8.3 out of 10.