CVE-2025-56572

Description

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.

How to fix CVE-2025-56572

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• npm/financejs—no fix listed

Is CVE-2025-56572 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 4.1.0

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-56572
• PATCHgithub.com/ebradyjobory/finance.js
• WEBfinancejs.com
• WEBmedium.com/@nakah_/cve-2025-56571-and-cve-2025-56572-denial-of-service-vulnerabilities-in-finance-js-78f8b399f53b