Resource exhaustion in Parallax Jspdf
CVE-2025-57810
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs…
Vulnerability class: Improper Input Validation
EPSS: 0.003 (49.7th percentile)
Affected products
- Parallax Jspdf — versions < 3.0.2
References
- https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw (x_refsource_CONFIRM)
- https://github.com/parallax/jsPDF/pull/3880 (x_refsource_MISC)
- https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9 (x_refsource_MISC)
- https://github.com/parallax/jsPDF/releases/tag/v3.0.2 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-57810?
  CVE-2025-57810 is a vulnerability in Parallax Jspdf, classified under Improper Input Validation. Published 2025-08-26.
- Is CVE-2025-57810 known to be exploited?
  1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.