CVE-2025-13465
Published: 21 January 2026
Summary
CVE-2025-13465 is a medium-severity Prototype Pollution (CWE-1321) vulnerability in Lodash. Its CVSS base score is 6.9 (Medium).
Operationally, it is ranked at the 23.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206319
Vulnerability details
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.
- CWE(s)
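The following is an added example, not code from Lodash or from this advisory: it checks whether an installed Lodash version falls in the affected range stated above and screens untrusted paths before they reach _.unset or _.omit. The function names and the list of blocked key names are assumptions made for illustration.

```javascript
// Added example, not Lodash code. The affected range comes from the advisory text.
const FIRST_AFFECTED = [4, 0, 0];
const LAST_AFFECTED = [4, 17, 22];
// Assumption: the usual prototype-reaching key names; the page does not list them.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Compare two [major, minor, patch] triples; returns <0, 0 or >0.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// True when a plain "x.y.z" Lodash version lies inside the affected range.
function isAffectedLodash(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  if (!m) throw new TypeError(`unrecognised version: ${version}`);
  const v = m.slice(1).map(Number);
  return compareVersions(v, FIRST_AFFECTED) >= 0 &&
         compareVersions(v, LAST_AFFECTED) <= 0;
}

// Split a Lodash-style path (array, "a.b", "a[0]", "a['b']") into key segments.
// Quoted keys are deliberately over-split: acceptable for a deny check.
function pathSegments(path) {
  const parts = Array.isArray(path)
    ? path.map(String)
    : String(path).split(/[.[\]]+/);
  return parts
    .map((s) => s.replace(/^["']|["']$/g, '').replace(/\\(\\)?/g, '$1'))
    .filter((s) => s !== '');
}

// True only when no segment of the path names a blocked key.
function isSafePath(path) {
  return pathSegments(path).every((seg) => !BLOCKED_KEYS.has(seg));
}

// Keep only the paths that are safe to hand to _.omit / _.unset.
function safePaths(paths) {
  return paths.filter(isSafePath);
}
```

The deny list also rejects legitimate keys that happen to be named constructor or prototype; upgrading to 4.17.23 is the fix the advisory gives.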
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.