Resource exhaustion in Ajv.js Ajv
CVE-2025-69873
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is…
Vulnerability class: ReDoS (Regular Expression Denial of Service)
EPSS: 0.005 (38.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.9 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Ajv.js Ajv — versions 0, 7.0.0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-69873?
- CVE-2025-69873 is a low-severity vulnerability in Ajv.js Ajv, classified under Inefficient Regular Expression Complexity. CVSS score: 2.9/10. Published 2026-02-11.
- How severe is CVE-2025-69873?
- Low severity. CVSS v3 base score is 2.9 out of 10.