Description

A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter/linky  filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS) https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS  attack on the application. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

INFO

Published Date :

2025-08-19T13:19:27.919Z

Last Modified :

2025-08-19T13:35:50.828Z

Source :

HeroDevs
AFFECTED PRODUCTS

The following products are affected by CVE-2025-4690 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4690.

URL Resource
https://codepen.io/herodevs/pen/RNNEPzP/751b91eab7730dff277523f3d50e4b77 cve-icon cve-icon cve-icon
https://www.herodevs.com/vulnerability-directory/cve-2025-4690 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact