CVE-2025-57328

Q: What is the severity of CVE-2025-57328?

CVE-2025-57328 is classified as a critical vulnerability due to its potential for Prototype Pollution.

Q: How do I fix CVE-2025-57328?

To fix CVE-2025-57328, update the toggle-array package to version 1.0.2 or later.

Q: Who is affected by CVE-2025-57328?

CVE-2025-57328 affects all versions of the toggle-array package up to and including version 1.0.1.

Q: What are the consequences of exploiting CVE-2025-57328?

Exploiting CVE-2025-57328 may allow attackers to modify Object prototypes, leading to unpredictable application behavior.

Q: Is there a workaround for CVE-2025-57328?

A temporary workaround for CVE-2025-57328 is to avoid using the affected functions of the toggle-array package until an update is applied.

Published Sep 24, 2025

Updated

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Affected Software

3 affected components

toggle-array toggle-array<1.0.1

npm/toggle-array<=1.0.1

Jonschlinkert Toggle-array Node.js<=1.0.1

Event History

Sep 24, 2025

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Data Sourced

via NVD·08:15 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·08:15 PM

Affected Software

Advisory Published

via GitHub·09:30 PM

Data Sourced

via GitHub·09:30 PM

DescriptionWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-57328?

CVE-2025-57328 is classified as a critical vulnerability due to its potential for Prototype Pollution.

How do I fix CVE-2025-57328?

To fix CVE-2025-57328, update the toggle-array package to version 1.0.2 or later.

Who is affected by CVE-2025-57328?

CVE-2025-57328 affects all versions of the toggle-array package up to and including version 1.0.1.

What are the consequences of exploiting CVE-2025-57328?

Exploiting CVE-2025-57328 may allow attackers to modify Object prototypes, leading to unpredictable application behavior.

Is there a workaround for CVE-2025-57328?

A temporary workaround for CVE-2025-57328 is to avoid using the affected functions of the toggle-array package until an update is applied.

CVSS Score

7.5High

High Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security Metrics

Risk Score43

Severityhigh(7.5)

CWE

1321

Timeline

PublishedSep 24, 2025

Updated

References

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-57328

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-57328?

How do I fix CVE-2025-57328?

Who is affected by CVE-2025-57328?

What are the consequences of exploiting CVE-2025-57328?

Is there a workaround for CVE-2025-57328?

Company

Resources

Contact