CVE-2025-30358
HIGHDescription
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service (DoS) attack against the server. Additionally, it could also result in other severe consequences given the application's implementation, such as identity confusion, where an attacker could impersonate an assistant or system role within conversations. This impersonation could potentially enable jailbreak attacks when interacting with large language models (LLMs). Just like the Javascript's prototype pollution, this vulnerability could leave a way for attackers to manipulate the intended data-flow or control-flow of the application at runtime and lead to severe consequences like remote code execution when gadgets are available. Users should upgrade to version 0.14.1 to obtain a fix for the issue.
Is your site exposed to CVE-2025-30358?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-30358? +
How severe is CVE-2025-30358? +
How do I check if I'm vulnerable to CVE-2025-30358? +
Related Vulnerabilities
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body …
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. …
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the …
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable …
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity …
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …