Description

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.

INFO

Published Date :

2025-11-27T05:00:01.916Z

Last Modified :

2026-01-29T23:06:54.441Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12758 vulnerability.

Vendors Products
Validator Project
  • Validator
Validatorjs
  • Validator.js
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12758.

URL Resource
http://seclists.org/fulldisclosure/2026/Jan/27 cve-icon
https://gist.github.com/koral--/ad31208b25b9e3d1e2e35f1d4d72572e cve-icon cve-icon
https://github.com/validatorjs/validator.js/pull/2616 cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-13653476 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact