THREAT OPS › Threat News › [NVD] CVE-2025-69873 (LOW 2.9) — ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp(
[NVD] CVE-2025-69873 (LOW 2.9) — ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp(
CVE-2025-69873 CVSS: 2.9 LOW Published: 2026-02-11T19:15:50.467
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can injec
MITRE ATT&CK techniques
- JavaScriptT1059.007
Indicators of compromise
- CVE-2025-69873cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-69873