How severe is CVE-2025-31475?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2025-31475?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2025-31475 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potential security risks such as data corruption or unintended code execution. An attacker with high privileges could exploit this vulnerability to modify object prototypes, affecting core JavaScript behavior, cause application crashes or unexpected behavior, or potentially introduce further security vulnerabilities depending on the application's architecture. This vulnerability is fixed in 1.20.1.

Related Vulnerabilities

CVE-2020-15366

MEDIUM

CVSS:5.6(Medium)

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollutio...

CWE-13212020

CVE-2020-7598

MEDIUM

CVSS:5.6(Medium)

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

CWE-13212020

CVE-2023-2972

MEDIUM

CVSS:5.4(Medium)

Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.

CWE-13212023

CVE-2020-7600

MEDIUM

CVSS:5.3(Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CWE-13212020

CVE-2020-7608

MEDIUM

CVSS:5.3(Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CWE-13212020

CVE-2020-7616

MEDIUM

CVSS:5.3(Medium)

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation...

CWE-13212020