CVE-2025-11362
pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.06%
Description
Versions of the package pdfmake from 0.3.0-beta.1 up to, but not including, 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
How to fix CVE-2025-11362
To remediate CVE-2025-11362, upgrade the affected package to the fixed version below.
- pdfmake: upgrade to 0.3.0-beta.17 or later
Is CVE-2025-11362 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- pdfmake: >= 0.3.0-beta.1, < 0.3.0-beta.17
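The affected range is bounded by prerelease tags, where plain string comparison misorders `beta.2` and `beta.17`. The following is an added example, not code from the advisory or the pdfmake project: it applies SemVer precedence to the range above and scans the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3 layout assumed). The function names and the sample lockfile are constructed for illustration.

```javascript
const AFFECTED_FROM = "0.3.0-beta.1"; // inclusive lower bound (from the advisory)
const FIXED_IN = "0.3.0-beta.17";     // exclusive upper bound (from the advisory)

function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split(".") : [] };
}

// SemVer 2.0.0 precedence: numeric identifiers compare as numbers, so beta.2 < beta.17.
function compareIdentifier(a, b) {
  const aNum = /^\d+$/.test(a), bNum = /^\d+$/.test(b);
  if (aNum && bNum) return Math.sign(Number(a) - Number(b));
  if (aNum !== bNum) return aNum ? -1 : 1; // numeric sorts below alphanumeric
  return a < b ? -1 : a > b ? 1 : 0;
}

function compare(x, y) {
  const a = parse(x), b = parse(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return Math.sign(a.core[i] - b.core[i]);
  }
  // A release outranks any prerelease of the same core version.
  if (!a.pre.length || !b.pre.length) return (b.pre.length ? 1 : 0) - (a.pre.length ? 1 : 0);
  for (let i = 0; i < Math.min(a.pre.length, b.pre.length); i++) {
    const c = compareIdentifier(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(a.pre.length - b.pre.length); // more identifiers ranks higher
}

function isAffected(version) {
  return compare(version, AFFECTED_FROM) >= 0 && compare(version, FIXED_IN) < 0;
}

// Walk the lockfile "packages" map, including copies nested under other dependencies.
function affectedInstalls(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, pkg]) => /(^|\/)node_modules\/pdfmake$/.test(path) && pkg.version && isAffected(pkg.version))
    .map(([path, pkg]) => `${path}@${pkg.version}`);
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/pdfmake": { version: "0.3.0-beta.17" },
  "node_modules/report-kit/node_modules/pdfmake": { version: "0.3.0-beta.2" },
  "node_modules/pdfmake-demo-plugin": { version: "0.3.0-beta.5" },
}};
console.log(affectedInstalls(sampleLock));
```

The nested copy under `report-kit` is the only entry reported: the top-level install is already at the fixed version, and the similarly named plugin is a different package.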
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |