CVE-2025-49223

CRITICAL

Naver Billboard.js < 3.15.1 - Prototype Pollution

Title source: rule

Description

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Exploits (1)

nomisec WRITEUP 1 stars

by louay-075 · poc

https://github.com/louay-075/CVE-2025-49223-BillboardJS-PoC

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://cve.naver.com/detail/cve-2025-49223.html

Scores

CVSS v3 9.8

EPSS 0.0083

EPSS Percentile 74.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1321

Status published

Products (2)

naver/billboard.js < 3.15.1

npm/billboard.js 0 - 3.15.1npm

Published Jun 04, 2025

Tracked Since Feb 18, 2026