Regular Expression Vulnerability in AngularJS by Google
CVE-2025-4690

4.3MEDIUM

Key Information:

Vendor: Google
Status: Angularjs
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-4690?

A vulnerability exists in AngularJS's linky filter that utilizes a regular expression to identify URLs within input text. This flaw allows attackers to craft large inputs which exploit backtracking behavior of the regex engine, potentially causing a Denial of Service (DoS) by consuming excessive resources. All versions of AngularJS are affected by this issue, and as the project has reached its End-of-Life, no patches will be released to mitigate this vulnerability.

Affected Version(s)

AngularJS >=0.0.0

References

https://www.herodevs.com/vulnerability-directory/cve-2025...

third-party-advisory

https://codepen.io/herodevs/pen/RNNEPzP/751b91eab7730dff2...

technical-descriptionexploit

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
May 14, 2025

Credit

George Kalpakas