CVE-2025-11362

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-11362
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed Patch
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta10:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta11:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta12:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta13:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta14:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta15:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta16:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta4:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta6:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta7:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta8:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta9:*:*:*:*:*:*
History

20 Oct 2025, 15:51

Type Values Removed Values Added
First Time Pdfmake
Pdfmake pdfmake
References () https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed - () https://github.com/bpampuch/pdfmake/commit/741169634bf07730e010cd77477b6cc038e846ed - Patch
References () https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297 - () https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-10223297 - Third Party Advisory
CPE cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta6:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta4:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta7:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta16:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta10:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta13:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta14:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta11:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta9:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta12:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta15:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:pdfmake:pdfmake:0.3.0:beta8:*:*:*:*:*:*

07 Oct 2025, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-10-07 05:15

Updated : 2025-10-20 15:51

NVD link : CVE-2025-11362

Mitre link : CVE-2025-11362

CVE.ORG link : CVE-2025-11362

JSON object : View

Products Affected

pdfmake

  • pdfmake
CWE
CWE-770

Allocation of Resources Without Limits or Throttling