Prototype Pollution Vulnerability in Magix Combine-ex by Magix
CVE-2025-57321

9.8CRITICAL

Key Information:

Vendor: Magix
Status: Magix Combine-ex
Vendor: CVE Published:; 24 September 2025

What is CVE-2025-57321?

The Prototype Pollution vulnerability in the util-deps.addFileDepend function of Magix Combine-ex up to version 1.2.10 allows attackers to manipulate the Object.prototype by providing a specially crafted payload. This flaw could permit unauthorized modifications to objects, leading to unintended consequences, including denial of service (DoS) attacks, where the system may become unresponsive or behave unpredictably.

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScrip...

https://github.com/VulnSageAgent/PoCs/tree/main/JavaScrip...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Aug 17, 2025

CVE-2025-57321 Data

JSON