CVE-2025-69873 — Regex Denial of Service in AJV

CWE-1333 — Regex Denial of Service CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

2.9LOWNVD

EPSS

0.0%

top 95.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ajv.js AJV Debian Node-ajv Msrc Azl3 Python-tensorboard 2.16.2-6 ON Azure Linux 3.0 +1 more

Timeline

PublishedFeb 11

Latest updateApr 15

Description

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 1.4 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5ajv.js/ajv7.0.0 — 8.17.2+1

▶npmajv.js/ajv7.0.0-alpha.0 — 8.18.0+1

▶debiandebian/node-ajv< node-ajv 8.18.0~ds+~cs6.1.1-1 (forky)

▶msrcmsrc/azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0

▶msrcmsrc/cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0

🔴Vulnerability Details

VulDB

ajv up to 8.17.1 RegExp data redos (Nessus ID 298757 / WID-SEC-2026-0935)↗2026-04-15

▶

OSV

CVE-2025-69873: ajv (Another JSON Schema Validator) before 8↗2026-02-11

▶

GHSA

ajv has ReDoS when using `$data` option↗2026-02-11

▶

OSV

ajv has ReDoS when using `$data` option↗2026-02-11

▶

📋Vendor Advisories

Red Hat

ajv: ReDoS via $data reference↗2026-02-11

▶

Microsoft

▶

Debian

CVE-2025-69873: node-ajv - ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expre...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-69873 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶