Description

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.

INFO

Published Date :

2025-04-24T13:58:30.536Z

Last Modified :

2025-05-14T20:07:29.865Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-43855 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43855.

URL Resource
https://github.com/trpc/trpc/commit/9beb26c636d44852e0f407f3d7a82ad54df65b4d cve-icon cve-icon
https://github.com/trpc/trpc/security/advisories/GHSA-pj3v-9cm8-gvj8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability