CVE-2025-13465

high

Description

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05

https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13465.json

https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg

https://cert-portal.siemens.com/productcert/html/ssa-253495.html

https://bugzilla.redhat.com/show_bug.cgi?id=2431740

https://access.redhat.com/security/cve/CVE-2025-13465

https://access.redhat.com/errata/RHSA-2026:9848

https://access.redhat.com/errata/RHSA-2026:8229

https://access.redhat.com/errata/RHSA-2026:8218

https://access.redhat.com/errata/RHSA-2026:6567

https://access.redhat.com/errata/RHSA-2026:6497

https://access.redhat.com/errata/RHSA-2026:6288

https://access.redhat.com/errata/RHSA-2026:6192

https://access.redhat.com/errata/RHSA-2026:5636

https://access.redhat.com/errata/RHSA-2026:5633

https://access.redhat.com/errata/RHSA-2026:4782

https://access.redhat.com/errata/RHSA-2026:4630

https://access.redhat.com/errata/RHSA-2026:4467

https://access.redhat.com/errata/RHSA-2026:4466

https://access.redhat.com/errata/RHSA-2026:4423

https://access.redhat.com/errata/RHSA-2026:3962

https://access.redhat.com/errata/RHSA-2026:3960

https://access.redhat.com/errata/RHSA-2026:3958

https://access.redhat.com/errata/RHSA-2026:3884

https://access.redhat.com/errata/RHSA-2026:3874

https://access.redhat.com/errata/RHSA-2026:3870

https://access.redhat.com/errata/RHSA-2026:3869

https://access.redhat.com/errata/RHSA-2026:3825

https://access.redhat.com/errata/RHSA-2026:3782

https://access.redhat.com/errata/RHSA-2026:3710

https://access.redhat.com/errata/RHSA-2026:36882

https://access.redhat.com/errata/RHSA-2026:36651

https://access.redhat.com/errata/RHSA-2026:34608

https://access.redhat.com/errata/RHSA-2026:3422

https://access.redhat.com/errata/RHSA-2026:34100

https://access.redhat.com/errata/RHSA-2026:33371

https://access.redhat.com/errata/RHSA-2026:33154

https://access.redhat.com/errata/RHSA-2026:3087

https://access.redhat.com/errata/RHSA-2026:2990

https://access.redhat.com/errata/RHSA-2026:2984

https://access.redhat.com/errata/RHSA-2026:2926

https://access.redhat.com/errata/RHSA-2026:2900

https://access.redhat.com/errata/RHSA-2026:2819

https://access.redhat.com/errata/RHSA-2026:2818

https://access.redhat.com/errata/RHSA-2026:2817

https://access.redhat.com/errata/RHSA-2026:2816

https://access.redhat.com/errata/RHSA-2026:2694

https://access.redhat.com/errata/RHSA-2026:2675

https://access.redhat.com/errata/RHSA-2026:2672

https://access.redhat.com/errata/RHSA-2026:2661

https://access.redhat.com/errata/RHSA-2026:2651

https://access.redhat.com/errata/RHSA-2026:25089

https://access.redhat.com/errata/RHSA-2026:2484

https://access.redhat.com/errata/RHSA-2026:2469

https://access.redhat.com/errata/RHSA-2026:2465

https://access.redhat.com/errata/RHSA-2026:2462

https://access.redhat.com/errata/RHSA-2026:2452

https://access.redhat.com/errata/RHSA-2026:2438

https://access.redhat.com/errata/RHSA-2026:24331

https://access.redhat.com/errata/RHSA-2026:21658

https://access.redhat.com/errata/RHSA-2026:2149

https://access.redhat.com/errata/RHSA-2026:2148

https://access.redhat.com/errata/RHSA-2026:2147

https://access.redhat.com/errata/RHSA-2026:2145

https://access.redhat.com/errata/RHSA-2026:2119

https://access.redhat.com/errata/RHSA-2026:2078

https://access.redhat.com/errata/RHSA-2026:20088

https://access.redhat.com/errata/RHSA-2026:20042

https://access.redhat.com/errata/RHSA-2026:19712

https://access.redhat.com/errata/RHSA-2026:18868

https://access.redhat.com/errata/RHSA-2026:18480

https://access.redhat.com/errata/RHSA-2026:1845

https://access.redhat.com/errata/RHSA-2026:17469

https://access.redhat.com/errata/RHSA-2026:15091

https://access.redhat.com/errata/RHSA-2026:14871

https://access.redhat.com/errata/RHSA-2026:14870

https://access.redhat.com/errata/RHSA-2026:14774

https://access.redhat.com/errata/RHSA-2026:13829

https://access.redhat.com/errata/RHSA-2026:13548

https://access.redhat.com/errata/RHSA-2026:13542

https://access.redhat.com/errata/RHSA-2026:11414

Details

Source: Mitre, NVD

Published: 2026-01-21

Updated: 2026-07-10

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 7.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H

Severity: High

EPSS

EPSS: 0.00045