CVE-2025-7783
CRITICALform-data <2.5.4, 3.0.0-3.0.3, 4.0.0-4.0.3 - HPP
Title source: llmDescription
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Exploits (1)
nomisec
WORKING POC
29 stars
by benweissmann · poc
https://github.com/benweissmann/CVE-2025-7783-poc
Scores
CVSS v4
9.4
EPSS
0.0041
EPSS Percentile
61.6%
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Details
CWE
CWE-330
Status
published
Products (1)
npm/form-data
0 - 2.5.4npm
Published
Jul 18, 2025
Tracked Since
Feb 18, 2026