Cyber Resilience

CVE-2025-13465

Medium · Updated

Published: 21 January 2026

Modified: 30 June 2026
KEV Added
Patch
CVSS Score v4: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0032 (23.4th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2025-13465 is a medium-severity Prototype Pollution (CWE-1321) vulnerability in Lodash. Its CVSS base score is 6.9 (Medium).

Operationally, it ranks at the 23.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

lodash
lodash
4.0.0 — 4.17.23

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
