๐Ÿ” CVE Alert

CVE-2025-56200

MEDIUM 6.1
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

Vendor n/a
Product n/a
Published Sep 30, 2025
Last Updated Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
gist.github.com: https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596 github.com: https://github.com/validatorjs/validator.js gist.github.com: https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666