Class Pollution Vulnerability in Mesop Python UI Framework
CVE-2025-30358

8.1HIGH

Key Information:

Vendor: Mesop-dev
Status: Mesop
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-30358?

A class pollution vulnerability exists in the Mesop framework, allowing attackers to overwrite global variables and class attributes during runtime. This flaw can lead to various threats, including denial of service and identity confusion, where attackers might impersonate user roles, potentially facilitating jailbreak attacks in interactions with large language models. Similar to JavaScript's prototype pollution, this vulnerability can enable attackers to manipulate data-flow or control-flow, resulting in severe implications, including remote code execution if exploitable gadgets are present. It is crucial for users of Mesop to upgrade to version 0.14.1 for protection against this vulnerability.

Affected Version(s)

mesop < 0.14.1

References

https://github.com/mesop-dev/mesop/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/mesop-dev/mesop/commit/748e20d4a363d89...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Mar 21, 2025

CVE-2025-30358 Data

JSON

Mesop-dev

What is CVE-2025-30358?

Affected Version(s)

References

CVSS V3.1

Timeline