CVE-2025-4690

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4690
A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter/linky  filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS) https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS  attack on the application. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://codepen.io/herodevs/pen/RNNEPzP/751b91eab7730dff277523f3d50e4b77
https://www.herodevs.com/vulnerability-directory/cve-2025-4690
https://codepen.io/herodevs/pen/RNNEPzP/751b91eab7730dff277523f3d50e4b77
https://www.herodevs.com/vulnerability-directory/cve-2025-4690
Configurations

No configuration.

History

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) Una expresión regular utilizada por el filtro linky de AngularJS (https://docs.angularjs.org/api/ngSanitize/filter/linky) para detectar URL en el texto de entrada es vulnerable a un tiempo de ejecución superlineal debido al retroceso. Con una entrada grande y cuidadosamente manipulada, esto puede provocar un ataque de denegación de servicio de expresión regular (ReDoS) (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) en la aplicación. Este problema afecta a todas las versiones de AngularJS. Nota: El proyecto AngularJS ha finalizado su ciclo de vida y no recibirá actualizaciones para solucionar este problema. Para más información, consulte https://docs.angularjs.org/misc/version-support-status.

19 Aug 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-19 14:15

Updated : 2025-08-20 14:40

NVD link : CVE-2025-4690

Mitre link : CVE-2025-4690

CVE.ORG link : CVE-2025-4690

JSON object : View

Products Affected

No product.

CWE
CWE-1333

Inefficient Regular Expression Complexity