CVE-2025-7783 — Use of Insufficiently Random Values in Node-form-data

CWE-330 — Use of Insufficiently Random Values12 documents8 sources

Severity

9.4CRITICALNVD

EPSS

0.4%

top 38.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Node-form-data Axios Msrc Azl3 Python-tensorboard 2.16.2-6 ON Azure Linux 3.0 +2 more

Timeline

PublishedJul 18

Latest updateMar 12

Description

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages5 packages

▶debiandebian/node-form-data< node-form-data 4.0.0-1+deb12u1 (bookworm)

▶npmaxios/axios1.10.0 — 1.11.0

▶msrcmsrc/cbl2_reaper_3.1.1-19_on_cbl_mariner_2.0

▶msrcmsrc/azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0

▶msrcmsrc/cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data↗2025-07-23

▶

GHSA

Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data↗2025-07-23

▶

OSV

form-data uses unsafe random function in form-data for choosing boundary↗2025-07-21

▶

GHSA

form-data uses unsafe random function in form-data for choosing boundary↗2025-07-21

▶

OSV

CVE-2025-7783: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP)↗2025-07-18

▶

📋Vendor Advisories

CISA ICS

Siemens SIDIS Prime↗2026-03-12

▶

Ubuntu

Form-Data vulnerability↗2026-01-26

▶

Red Hat

form-data: Unsafe random function in form-data↗2025-07-18

▶

Microsoft

Usage of unsafe random function in form-data for choosing boundary↗2025-07-08

▶

Debian

CVE-2025-7783: node-form-data - Use of Insufficiently Random Values vulnerability in form-data allows HTTP Param...↗2025

▶