CVE-2025-7783 CRITICAL

CVE-2025-7783: Usage of unsafe random function in form-data for choosing boundary

Weakness CWE-330 · Insufficient randomness
Published July 18, 2025
Last update November 3, 2025

CVSS base score

9.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Key dates

02Disclosure timeline

July 18, 2025 CVE published
November 3, 2025 Record updated