Remote Code Execution Vulnerability in Parse JavaScript SDK by Parse Community
CVE-2025-62374

6.4 MEDIUM

Key Information:

Vendor
CVE Published: 14 October 2025

What is CVE-2025-62374?

The Parse JavaScript SDK, which facilitates access to the Parse Server from JavaScript applications, is vulnerable to remote code execution through the injection of malicious payloads. The issue affects several functionalities, including the ParseObject methods and internal object state mutations, in versions prior to 7.0.0. Attackers could exploit this vulnerability to execute arbitrary code remotely. Users are advised to upgrade to version 7.0.0, where this vulnerability has been addressed.

Affected Version(s)

Parse-SDK-JS < 7.0.0-alpha.1

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
