Prototype Pollution via _.unset/_.omit in Lodash 4.17.22
CVE-2025-13465 Published on January 21, 2026

Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths that cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.

NVD

Vulnerability Analysis

CVE-2025-13465 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH

Weakness Type

What is a Prototype Pollution Vulnerability?

The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

CVE-2025-13465 has been classified as a Prototype Pollution vulnerability or weakness.



Affected Versions

Lodash
Lodash-amd
lodash-es
lodash.unset
Siemens RUGGEDCOM RST2428P
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server
Red Hat Ansible Automation Platform 2.6 for RHEL 9
Red Hat Cryostat 4 on RHEL 9
Red Hat Enterprise Linux AppStream (v. 10)
Red Hat Enterprise Linux AppStream (v. 9)
Red Hat Cluster Observability Operator 1.4.0
Red Hat HawtIO HawtIO 4.4.0
Red Hat Enterprise Linux High Availability EUS (v. 10.0)
Red Hat Enterprise Linux High Availability (v. 10)
Red Hat Enterprise Linux High Availability AUS (v.8.4)
Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)
Red Hat Enterprise Linux High Availability E4S (v.8.6)
Red Hat Enterprise Linux High Availability TUS (v.8.6)
Red Hat Enterprise Linux High Availability E4S (v.8.8)
Red Hat Enterprise Linux High Availability TUS (v.8.8)
Red Hat Enterprise Linux High Availability E4S (v.9.0)
Red Hat Enterprise Linux High Availability E4S (v.9.2)
Red Hat Enterprise Linux High Availability EUS (v.9.4)
Red Hat Enterprise Linux High Availability EUS (v.9.6)
Red Hat Enterprise Linux High Availability (v. 9)
Red Hat Network Observability (NETOBSERV) 1.11.2
Red Hat Advanced Cluster Management for Kubernetes 2.12
Red Hat Advanced Cluster Management for Kubernetes 2.13
Red Hat Advanced Cluster Management for Kubernetes 2.15
Red Hat Advanced Cluster Security for Kubernetes 4.10
Red Hat Advanced Cluster Security for Kubernetes 4.8
Red Hat Advanced Cluster Security for Kubernetes 4.9
Red Hat Ansible Automation Platform 2.5
Red Hat Ansible Automation Platform 2.6
Red Hat Ceph Storage 7.1
Red Hat Data Grid 8.6.0
Red Hat Developer Hub 1.8
Red Hat Discovery 2
Red Hat OpenShift AI 2.25
Red Hat OpenShift AI 3.3
Red Hat OpenShift Container Platform 4.12
Red Hat OpenShift Container Platform 4.13
Red Hat OpenShift Container Platform 4.14
Red Hat OpenShift Container Platform 4.15
Red Hat OpenShift Container Platform 4.16
Red Hat OpenShift Container Platform 4.17
Red Hat OpenShift Container Platform 4.18
Red Hat OpenShift Container Platform 4.19
Red Hat OpenShift Container Platform 4.20
Red Hat OpenShift Container Platform 4.21
Red Hat OpenShift Dev Spaces 3.27
Red Hat OpenShift GitOps 1.17
Red Hat OpenShift GitOps 1.18
Red Hat OpenShift GitOps 1.19
Red Hat OpenShift Pipelines 1.15
Red Hat OpenShift Pipelines 1.2
Red Hat OpenShift Service Mesh 2.6
Red Hat OpenShift Service Mesh 3.0
Red Hat OpenShift Service Mesh 3.1
Red Hat OpenShift Service Mesh 3.2
Red Hat Quay 3.16
Red Hat Satellite 6.18
Red Hat Trusted Artifact Signer 1.2
Red Hat Trusted Artifact Signer 1.3
Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)
Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)
Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)
Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)
Red Hat Enterprise Linux Resilient Storage (v. 9)
Red Hat multicluster engine for Kubernetes 2.10
Red Hat multicluster engine for Kubernetes 2.6
Red Hat multicluster engine for Kubernetes 2.7
Red Hat multicluster engine for Kubernetes 2.8
Red Hat multicluster engine for Kubernetes 2.9
Logging Subsystem for Red Hat OpenShift
Red Hat Migration Toolkit for Applications 8
Red Hat Migration Toolkit for Containers
Red Hat Migration Toolkit for Virtualization
Red Hat Node HealthCheck Operator
Red Hat OpenShift Lightspeed
Red Hat OpenShift Pipelines
Red Hat 3scale API Management Platform 2
Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat Ansible Automation Platform 2
Red Hat build of Apicurio Registry 2
Red Hat build of OptaPlanner 8
Red Hat Ceph Storage 4
Red Hat Ceph Storage 5
Red Hat Ceph Storage 6
Red Hat Ceph Storage 8
Red Hat Connectivity Link 1
Red Hat Edge Manager 1
Red Hat Edge Manager preview
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux AI (RHEL AI) 3
Red Hat Fuse 7
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Container Platform 4
Red Hat Openshift Data Foundation 4
Red Hat OpenShift distributed tracing 3
Red Hat OpenShift GitOps
Red Hat OpenShift Virtualization 4
Red Hat Process Automation 7
Red Hat Satellite 6
Red Hat Single Sign-On 7
Red Hat Trusted Profile Analyzer
Red Hat streams for Apache Kafka 2
Red Hat streams for Apache Kafka 3
Red Hat Ansible Automation Platform 2.6 for RHEL 10
Red Hat Confidential Compute Attestation
Red Hat Gatekeeper 3
Red Hat Multicluster Engine for Kubernetes
Red Hat OpenShift Service Mesh 2
Red Hat OpenShift Service Mesh 3
Red Hat Advanced Cluster Security 4
Red Hat Directory Server 11
Red Hat Directory Server 12
Red Hat Directory Server 13
Red Hat Enterprise Linux 7
Red Hat JBoss Enterprise Application Platform 7
Red Hat JBoss Enterprise Application Platform 8
Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat OpenShift Dev Spaces
Red Hat Quay 3
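
An added example (not from this advisory page or the Lodash project): a Node.js check that walks an npm lockfile and flags installs of the Lodash packages named above that fall in the 4.0.0 through 4.17.22 range given in the description, including copies nested under other dependencies. The sample lockfile, its package paths and the `classify`/`scanLockfile` names are constructed for illustration; `lodash.unset` is reported for manual review because the page gives no version range for it, and lockfiles without a `packages` map (lockfileVersion 1) are not handled.

```javascript
// Added example (not from the advisory page or the Lodash project).
const FIRST = [4, 0, 0];   // first affected release per the page
const FIXED = [4, 17, 23]; // patched release per the page
const RANGED = new Set(["lodash", "lodash-es", "lodash-amd"]);
const REVIEW_ONLY = new Set(["lodash.unset"]); // listed on the page with no version range

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "affected", "ok", or "review" (unparseable, or a pre-release of the fixed version).
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(String(version));
  if (!m) return "review";
  const v = m.slice(1, 4).map(Number);
  if (m[4] && cmp(v, FIXED) === 0) return "review";
  return cmp(v, FIRST) >= 0 && cmp(v, FIXED) < 0 ? "affected" : "ok";
}

// Walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace directory
    // Aliased installs carry the real package name in "name".
    const name = entry.name || path.slice(idx + "node_modules/".length);
    if (!RANGED.has(name) && !REVIEW_ONLY.has(name)) continue;
    const status = REVIEW_ONLY.has(name) ? "review" : classify(entry.version);
    if (status !== "ok") findings.push({ path, name, version: entry.version, status });
  }
  return findings;
}

// Constructed sample lockfile; package paths and versions are illustrative.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/lodash": { version: "4.17.23" },
    "node_modules/legacy-lib/node_modules/lodash": { version: "4.17.21" },
    "node_modules/lodash-es": { version: "4.17.22" },
    "node_modules/lodash.unset": { version: "4.5.2" },
    "node_modules/underscore-compat": { name: "lodash", version: "3.10.1" },
  },
};

console.log(scanLockfile(SAMPLE_LOCK));
```

A patched top-level `lodash` does not clear the project: the nested copy under `legacy-lib` in the sample is still reported, which is the case a check of `package.json` alone misses.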

Exploit Probability

EPSS: 0.32%
Percentile: 23.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.