CVE-2025-66453

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66453
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66453.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66453
Aliases
Downstream
Published
2025-12-03T19:31:54.629Z
Modified
2025-12-05T10:22:09.612468Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function
Details

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JSdtostr > DToA.JSdtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66453.json"
}
References

Affected packages

Git / github.com/mozilla/rhino

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/rhino
Events
Introduced
0dcc00f6b3e2623f732828186ef8464d69ba51d1
Fixed
f2d1ffef9dafbd625ca1ea79b8893ecbaee07e61
Database specific 
{
    "versions": [
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.8.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/mozilla/rhino
Events
Introduced
22557a6c3ea3ad9addda5b0de01d2d720bd291d3
Fixed
14524b37b8e53bb27bb10bfeedadb2f1ef40e645
Database specific 
{
    "versions": [
        {
            "introduced": "1.7.15"
        },
        {
            "fixed": "1.7.15.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/mozilla/rhino
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
596b2915d3f1dd00a6843435e5752050618daa25
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.14.1"
        }
    ]
}

Affected versions

Other

BEFORE_AST
BEFORE_E4X
EDITOR_EMBEDDING_20011025_BASE
JS_1_7_ALPHA_MERGE
PREFERENCES_20050201_BASE
Rhino140R3_RELEASE
Rhino14R3_RELEASE
Rhino150R1_RELEASE
Rhino150R3_RELEASE
Rhino150R4_RELEASE
Rhino150R5_RELEASE
Rhino1_6R1_RELEASE
Rhino1_6R2_RELEASE
Rhino1_6R3_RELEASE
Rhino1_7R3_RELEASE
Rhino1_7R4_RELEASE
Rhino1_7R5_RELEASE
Rhino1_7_10_Release
Rhino1_7_11_RC1_Release
Rhino1_7_11_RC2_Release
Rhino1_7_11_Release
Rhino1_7_12_Release
Rhino1_7_13_Release
Rhino1_7_14_RC1_Release
Rhino1_7_15_Release
Rhino1_7_6_RELEASE
Rhino1_7_7_RELEASE
Rhino1_7_8_RC1_RELEASE
Rhino1_7_8_Release
Rhino1_7_9_Release
Rhino1_8_0_Release
SUNBIRD_0_3a2_RELEASE
before_225831_merge
before_jsdebugger
before_less_classes_optimizer
before_new_natives
before_simpler_undefined_280047
code-formatting-required