CVE-2025-5891

MEDIUM

Unitech pm2 <6.0.6 - Info Disclosure

Title source: llm

Description

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.311662

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311662

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.585750

[Exploit, Issue Tracking, Patch] https://github.com/Unitech/pm2/pull/5971

[Product] https://gist.github.com/mmmsssttt404/407e2ffe3e0eaa393ad923a86316a385

Scores

CVSS v3 4.3

EPSS 0.0037

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1333 CWE-400

Status published

Products (2)

keymetric/pm2 < 6.0.6

npm/pm2 0npm

Published Jun 09, 2025

Tracked Since Feb 18, 2026