Inefficient Regular Expression Complexity in Actions Toolkit Glob by GitHub
CVE-2025-5890

5.3MEDIUM

Key Information:

Vendor

Actions

Status
Toolkit
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5890?

A vulnerability has been identified in Actions Toolkit version 0.5.0 that impacts the globEscape function within the glob component. This vulnerability leads to inefficient regular expression complexity, which can be exploited remotely. Attackers may leverage this flaw to execute denial-of-service attacks, causing the system to consume excessive resources when processing specific input patterns.

Affected Version(s)

toolkit 0.5.0

References

https://vuldb.com/?id.311661
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311661
signaturepermissions-required
https://vuldb.com/?submit.585727
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mmmsssttt (VulDB User)
.
CVE-2025-5890 : Inefficient Regular Expression Complexity in Actions Toolkit Glob by GitHub