Vulnerability DatabaseCVE-2025-5150
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-5150
Published:May 25, 2025
Updated:June 07, 2026
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Additional Notes
The description of this vulnerability differs from MITRE.
Related Resources (6)
https://vuldb.com/?submit.574696
https://vuldb.com/?ctiid.310238
https://vuldb.com/?id.310238
https://nvd.nist.gov/vuln/detail/CVE-2025-5150
https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8
https://github.com/docarray/docarray
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1321
Improper Control of Generation of Code ('Code Injection')
CWE-94
EPSS
Base Score:
0.39