CVE-2025-66020 – Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

CVE ID : CVE-2025-66020

Published : Nov. 26, 2025, 2:15 a.m. | 20 minutes ago

Description : Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g.,
Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66269 – Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM

CVE-2025-66021 – OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

CVE-2025-66266 – Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

CVE-2025-12848 – XSS vulnerability when rendering filename in Webform Multiform