Use of Insufficiently Random Values in form-data

CVE-2025-7783

form-data
org.webjars.npm:form-data

High

9.4/10

Summary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the program file `lib/form_data.js`. This issue affects form-data versions prior to 2.5.4, versions 3.0.0 through 3.0.3, and versions 4.0.0 through 4.0.3.

Attack Complexity: HIGH
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-330 - Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

Advisory
Release Note
POC/Exploit

Advisory Timeline

Published Jul 18, 2025

Use of Insufficiently Random Values in form-data

CVE-2025-7783

Summary

CWE-330 - Use of Insufficiently Random Values

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS