CVE-2025-11362

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| snyk | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CISA-ADP | ADP | --- | --- |

EPSS Score Percentile: 13%

| Vendor | Product | Version |
|---|---|---|
| pdfmake | pdfmake | 0.3.0:beta1 |
| pdfmake | pdfmake | 0.3.0:beta10 |
| pdfmake | pdfmake | 0.3.0:beta11 |
| pdfmake | pdfmake | 0.3.0:beta12 |
| pdfmake | pdfmake | 0.3.0:beta13 |
| pdfmake | pdfmake | 0.3.0:beta14 |
| pdfmake | pdfmake | 0.3.0:beta15 |
| pdfmake | pdfmake | 0.3.0:beta16 |
| pdfmake | pdfmake | 0.3.0:beta2 |
| pdfmake | pdfmake | 0.3.0:beta3 |
| pdfmake | pdfmake | 0.3.0:beta4 |
| pdfmake | pdfmake | 0.3.0:beta5 |
| pdfmake | pdfmake | 0.3.0:beta6 |
| pdfmake | pdfmake | 0.3.0:beta7 |
| pdfmake | pdfmake | 0.3.0:beta8 |
| pdfmake | pdfmake | 0.3.0:beta9 |

𝑥 = Vulnerable software versions