CVE-2025-13158
Published: 26 December 2025
Summary
CVE-2025-13158 is a critical-severity Prototype Pollution (CWE-1321) vulnerability in Sonatype (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205451
Vulnerability details
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior…
more
in applications relying on the integrity of prototype chains. This affects the preProcess() function in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker modules.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.