CVE-2025-5896

09.06.2025, 21:15

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDB	CNA	4.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
taro	taro	𝑥 < 4.1.2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/NervJS/taro/commit/c2e321a8b6fc873427c466c69f41ed0b5e8814bf

https://github.com/NervJS/taro/pull/17619

https://github.com/NervJS/taro/releases/tag/v4.1.2

https://vuldb.com/?ctiid.311668

https://vuldb.com/?id.311668

https://vuldb.com/?submit.585796

https://github.com/NervJS/taro/pull/17619