Inefficient Regular Expression Complexity in Vercel Hyper
CVE-2025-7074
Key Information:
Badges
What is CVE-2025-7074?
A notable vulnerability has been identified in Vercel's Hyper, particularly in the function expand/braceExpand/ignoreMap within hyper/bin/rimraf-standalone.js. This flaw allows for the exploitation of inefficient regular expression complexities, which can be triggered remotely. Attackers may utilize this vulnerability to perform denial-of-service (DoS) attacks or other disruptive activities. The issue has been made publicly known and poses significant security implications for users of affected versions of the Hyper product.
Affected Version(s)
hyper 3.4.0
hyper 3.4.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved