CVE-2025-30358: Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mes
Summary
Mesop, a Python-based UI framework for building web applications, has a class pollution vulnerability (a flaw that lets attackers modify global variables and class attributes at runtime, similar to prototype pollution in JavaScript) in versions before 0.14.1. Depending on how the application is built, this vulnerability could lead to denial of service (making a service unavailable), identity confusion in which attackers impersonate system roles, jailbreak attacks against LLMs (large language models, AI systems that generate text), or potentially remote code execution (running unauthorized commands on a server).
Solution / Mitigation
Users should upgrade to version 0.14.1 to obtain a fix for the issue.
Vulnerability Details
8.1 (high)
EPSS: 3.1%
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-30358
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%