CVE-2025-13465EPSS p23.2%

CVE-2025-13465CVE-2025-13465

lodash / lodash

Description

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS0.32% probability of exploitation · percentile 23.2% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-8657
CVE
CVE-2026-46509
CVE
CVE-2026-29063
CVE
CVE-2026-25521
CVE
CVE-2025-63704
CVE
CVE-2025-61140
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.