logo_clicknbuy.png

CVE-2025-30358 – Mesop Class Pollution Vulnerability

The following table lists the changes that have been made to the
CVE-2025-30358 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Mar. 27, 2025

    Action Type Old Value New Value
    Added Description Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application’s implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript’s prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue.
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    Added CWE CWE-915
    Added Reference https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f
    Added Reference https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh
Share the Post:

Related Posts