{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T11:38:08.764","vulnerabilities":[{"cve":{"id":"CVE-2025-8262","sourceIdentifier":"cna@vuldb.com","published":"2025-07-28T07:15:25.447","lastModified":"2026-06-17T10:06:38.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue."},{"lang":"es","value":"Se encontró una vulnerabilidad en yarnpkg Yarn hasta la versión 1.22.22. Se ha clasificado como problemática. La función \"exploitHostedGitFragment\" del archivo src/resolvers/exotics/hosted-git-resolver.js está afectada. La manipulación genera una complejidad ineficiente en las expresiones regulares. El ataque podría iniciarse en remoto. El parche se identifica como 97731871e674bf93bcbf29e9d3258da8685f3076. Se recomienda aplicar un parche para solucionar este problema."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"yarnpkg","product":"Yarn","versions":[{"version":"1.22.0","status":"affected"},{"version":"1.22.1","status":"affected"},{"version":"1.22.2","status":"affected"},{"version":"1.22.3","status":"affected"},{"version":"1.22.4","status":"affected"},{"version":"1.22.5","status":"affected"},{"version":"1.22.6","status":"affected"},{"version":"1.22.7","status":"affected"},{"version":"1.22.8","status":"affected"},{"version":"1.22.9","status":"affected"},{"version":"1.22.10","status":"affected"},{"version":"1.22.11","status":"affected"},{"version":"1.22.12","status":"affected"},{"version":"1.22.13","status":"affected"},{"version":"1.22.14","status":"affected"},{"version":"1.22.15","status":"affected"},{"version":"1.22.16","status":"affected"},{"version":"1.22.17","status":"affected"},{"version":"1.22.18","status":"affected"},{"version":"1.22.19","status":"affected"},{"version":"1.22.20","status":"affected"},{"version":"1.22.21","status":"affected"},{"version":"1.22.22","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-07-28T17:13:41.425895Z","id":"CVE-2025-8262","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-1333"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yarnpkg:yarn:*:*:*:*:*:*:*:*","versionEndIncluding":"1.22.22","matchCriteriaId":"E0ACE16B-A776-4707-AB1A-BD46CA1E53CA"}]}]}],"references":[{"url":"https://github.com/yarnpkg/yarn/pull/9199","source":"cna@vuldb.com","tags":["Exploit"]},{"url":"https://github.com/yarnpkg/yarn/pull/9199/commits/97731871e674bf93bcbf29e9d3258da8685f3076","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://vuldb.com/?ctiid.317850","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.317850","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.617393","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]}]}}]}