Description

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

INFO

Published Date :

2026-02-11T00:00:00.000Z

Last Modified :

2026-03-03T17:25:31.651Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69873 vulnerability.

Vendors Products
Ajv-validator
  • Ajv
Ajv.js
  • Ajv
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69873.

URL Resource
https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md cve-icon cve-icon cve-icon
https://github.com/advisories/GHSA-2g4f-4pwh-qvx6 cve-icon cve-icon
https://github.com/ajv-validator/ajv/pull/2588 cve-icon cve-icon
https://github.com/ajv-validator/ajv/pull/2590 cve-icon cve-icon
https://github.com/ajv-validator/ajv/releases/tag/v6.14.0 cve-icon cve-icon
https://github.com/github/advisory-database/pull/6991 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-69873 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-69873 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact