Vulnerability in Agronholm Cbor2
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations…
EPSS: 0.000 (5.4th percentile)
Affected products
- Agronholm Cbor2 — versions >= 3.0.0, < 5.8.0
Weakness classification (CWE)
References
- https://github.com/agronholm/cbor2/security/advisories/GHSA-wcj4-jw5j-44wh (x_refsource_CONFIRM)
- https://github.com/agronholm/cbor2/pull/268 (x_refsource_MISC)