Description

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

INFO

Published Date :

2026-01-26T00:00:00.000Z

Last Modified :

2026-01-26T16:16:34.731Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50537 vulnerability.

Vendors Products
Eslint
  • Eslint
Openjsf
  • Eslint
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50537.

URL Resource
https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc cve-icon cve-icon cve-icon
https://github.com/eslint/eslint/issues/19646 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-50537 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-50537 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact