CVE-2025-30358

CVE-2025-30358 is a class pollution vulnerability affecting Mesop, a Python-based UI framework for building web applications, in versions prior to 0.14.1. The flaw allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime, akin to JavaScript prototype pollution. This manipulation can alter the application's data-flow or control-flow, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and is classified under CWE-915.

Attackers with low privileges, such as authenticated users accessible over the network, can exploit this vulnerability without user interaction. Successful exploitation directly enables denial-of-service (DoS) attacks against the server by disrupting availability. It also facilitates identity confusion, allowing impersonation of assistant or system roles in conversations, which could enable jailbreak attacks when Mesop interacts with large language models (LLMs). Depending on the application's implementation and available gadgets, it may escalate to remote code execution.

The Mesop security advisory (GHSA-f3mf-hm6v-jfhh) and associated patch commit recommend upgrading to version 0.14.1, which addresses the class pollution issue by preventing unauthorized overwrites of global variables and class attributes.

This vulnerability has particular relevance to AI/ML deployments, as its potential for LLM jailbreaks highlights risks in frameworks bridging UI and language model interactions, though no real-world exploitation has been reported.