CVE-2025-11362
HIGH
pdfmake < 0.3.0-beta.17 - Denial of Service via Repeated URL Redirects in File Embedding
Title source: llm
Description
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
References (2)
Core References
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297
Scores
CVSS v3
7.5
EPSS
0.0006
EPSS Percentile
19.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (2)
npm/pdfmake
0.3.0-beta.1 - 0.3.0-beta.17
npm
pdfmake/pdfmake
0.3.0 beta1 (16 CPE variants)
Published
Oct 07, 2025
Tracked Since
Feb 18, 2026