{"data":{"id":"d85fa0b7-c237-48ca-9e99-cf669996a0c5","title":"CVE-2025-30358: Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mes","summary":"Mesop is a Python-based UI framework for building web applications that has a class pollution vulnerability (a flaw allowing attackers to modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. This vulnerability could cause denial of service attacks (making a service unavailable), identity confusion where attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server) depending on how the application is built.","solution":"Users should upgrade to version 0.14.1 to obtain a fix for the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-30358","publishedAt":"2025-03-27T15:16:02.297Z","cveId":"CVE-2025-30358","cweIds":["CWE-915"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["jailbreak","denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Mesop","Google"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.03115,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity","safety"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}