CVE-2025-30358 (GCVE-0-2025-30358)
Vulnerability from cvelistv5 – Published: 2025-03-27 14:49 – Updated: 2025-03-27 15:04
VLAI?
Title
Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
Summary
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application's implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript's prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue.
Severity ?
8.1 (High)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:03:56.762380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:04:59.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mesop",
"vendor": "mesop-dev",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application\u0027s implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript\u0027s prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:49:11.592Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh"
},
{
"name": "https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f"
}
],
"source": {
"advisory": "GHSA-f3mf-hm6v-jfhh",
"discovery": "UNKNOWN"
},
"title": "Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30358",
"datePublished": "2025-03-27T14:49:11.592Z",
"dateReserved": "2025-03-21T14:12:06.270Z",
"dateUpdated": "2025-03-27T15:04:59.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-30358",
"date": "2026-04-26",
"epss": "0.03115",
"percentile": "0.86874"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-30358\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-27T15:16:02.297\",\"lastModified\":\"2025-03-27T16:45:12.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application\u0027s implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript\u0027s prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue.\"},{\"lang\":\"es\",\"value\":\"Mesop es un framework de interfaz de usuario basado en Python que permite a los usuarios crear aplicaciones web. Una vulnerabilidad de contaminaci\u00f3n de clases en Mesop, antes de la versi\u00f3n 0.14.1, permite a los atacantes sobrescribir variables globales y atributos de clase en ciertos m\u00f3dulos de Mesop durante la ejecuci\u00f3n. Esta vulnerabilidad podr\u00eda provocar un ataque de denegaci\u00f3n de servicio (DoS) contra el servidor. Adem\u00e1s, podr\u00eda tener otras consecuencias graves debido a la implementaci\u00f3n de la aplicaci\u00f3n, como la confusi\u00f3n de identidad, donde un atacante podr\u00eda suplantar la identidad de un asistente o un rol del sistema en las conversaciones. Esta suplantaci\u00f3n podr\u00eda permitir ataques de jailbreak al interactuar con grandes modelos de lenguaje (LLM). Al igual que la contaminaci\u00f3n del prototipo de Javascript, esta vulnerabilidad podr\u00eda permitir a los atacantes manipular el flujo de datos o el flujo de control previstos de la aplicaci\u00f3n durante la ejecuci\u00f3n, lo que podr\u00eda tener consecuencias graves, como la ejecuci\u00f3n remota de c\u00f3digo cuando haya gadgets disponibles. Los usuarios deben actualizar a la versi\u00f3n 0.14.1 para obtener una soluci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-915\"}]}],\"references\":[{\"url\":\"https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30358\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T15:03:56.762380Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T15:04:53.549Z\"}}], \"cna\": {\"title\": \"Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks\", \"source\": {\"advisory\": \"GHSA-f3mf-hm6v-jfhh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mesop-dev\", \"product\": \"mesop\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.14.1\"}]}], \"references\": [{\"url\": \"https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh\", \"name\": \"https://github.com/mesop-dev/mesop/security/advisories/GHSA-f3mf-hm6v-jfhh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f\", \"name\": \"https://github.com/mesop-dev/mesop/commit/748e20d4a363d89b841d62213f5b0c6b4bed788f\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application\u0027s implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript\u0027s prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-915\", \"description\": \"CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-27T14:49:11.592Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-30358\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-27T15:04:59.072Z\", \"dateReserved\": \"2025-03-21T14:12:06.270Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-27T14:49:11.592Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…