CVE-2025-66456
Published: 09 December 2025
Description
Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an `any` type that is set as a standalone guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker. This issue is fixed in version 1.4.17. As a workaround, remove the `__proto__` key from the body.
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification, reporting, and correction of the prototype pollution flaw in Elysia versions 1.4.0-1.4.16 by patching to 1.4.17.
- Enforces validation of request body content during schema processing to block or sanitize malicious `__proto__` payloads that enable prototype pollution.
- Restricts unauthorized information such as `__proto__` keys from being inserted into request bodies prior to `mergeDeep` processing, aligning with the recommended workaround.
Security Summary
CVE-2025-66456 is a prototype pollution vulnerability (CWE-1321) affecting the Elysia TypeScript framework, which handles request validation, type inference, OpenAPI documentation, and client-server communication. The issue resides in the `mergeDeep` function, occurring after merging results from two standard schema validations sharing the same key. This flaw impacts versions 1.4.0 through 1.4.16, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact remote exploitation.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Exploitation hinges on specific conditions, including an "any" type set as a standalone guard that permits the `__proto__` property to merge during the validation process. When chained with GHSA-8vch-m3f4-q8jf, it enables full remote code execution (RCE) by polluting the JavaScript prototype chain.
The vulnerability is fixed in Elysia version 1.4.17. As a workaround, applications should remove the `__proto__` key from request bodies prior to processing. Official advisories and patches are detailed in GitHub security advisory GHSA-hxj9-33pp-j2cc, related advisory GHSA-8vch-m3f4-q8jf, pull request #1564, and commits 26935bf76ebc43b4a43d48b173fc853de43bb51e and 3af978663e437dccc6c1a2a3aff4b74e1574849e.
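The merge behaviour the description and summary refer to is easiest to see in code. What follows is an added example, not Elysia's own `mergeDeep` or the 1.4.17 fix: a naive recursive merge that a `__proto__` key in a parsed JSON body drives into `Object.prototype`, beside a merge that refuses prototype keys at every depth, and a body sanitizer implementing the advisory's workaround. All function names (`mergeDeepNaive`, `mergeDeepSafe`, `stripProtoKeys`) are hypothetical, and the sanitizer also drops `constructor` and `prototype`, which goes beyond the advisory's `__proto__`-only wording.

```javascript
// Added example, not Elysia's mergeDeep or its fix; all names are hypothetical.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Naive recursive merge as the advisory describes: JSON.parse keeps "__proto__"
// as an own key, so target["__proto__"] is Object.prototype and the recursion
// writes the source's fields into it for every object in the process to inherit.
function mergeDeepNaive(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(target[key]) && isPlainObject(source[key])) {
      mergeDeepNaive(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: refuse prototype-related keys at every depth, and only
// recurse into the target's own properties, never into inherited ones.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) {
      throw new TypeError(`refusing to merge prototype key "${key}"`);
    }
    if (isPlainObject(source[key])) {
      const reuse = Object.hasOwn(target, key) && isPlainObject(target[key]);
      target[key] = mergeDeepSafe(reuse ? target[key] : {}, source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// The advisory's workaround on a parsed body: drop prototype keys at any depth
// (constructor/prototype too, beyond the advisory's __proto__-only wording).
function stripProtoKeys(value) {
  if (Array.isArray(value)) return value.map(stripProtoKeys);
  if (!isPlainObject(value)) return value;
  const out = {};
  for (const key of Object.keys(value)) {
    if (!UNSAFE_KEYS.has(key)) out[key] = stripProtoKeys(value[key]);
  }
  return out;
}
```

Run `stripProtoKeys` on the parsed body before any merge, and treat a `TypeError` from `mergeDeepSafe` as a request to reject with a 4xx rather than something to swallow.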
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This critical, unauthenticated, remotely exploitable prototype pollution flaw in the Elysia web framework directly enables exploitation of public-facing applications, potentially leading to RCE.