Inefficient Regular Expression Complexity in Taro by TaroJS
CVE-2025-5896

5.3MEDIUM

Key Information:

Vendor

Tarojs

Status
Taro
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5896?

A vulnerability exists in versions of Taro by TaroJS up to 4.1.1, specifically within the 'taro/packages/css-to-react-native/src/index.js' file. This issue arises from inefficient regular expression complexity, which could potentially be exploited remotely. Users are strongly advised to upgrade to version 4.1.2, which includes a critical patch (commit ID: c2e321a8b6fc873427c466c69f41ed0b5e8814bf) to address this vulnerability and enhance overall application security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

taro 4.1.0

taro 4.1.1

References

https://vuldb.com/?id.311668
vdb-entry
https://vuldb.com/?ctiid.311668
signaturepermissions-required
https://vuldb.com/?submit.585796
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mmmsssttt (VulDB User)
JSON
.