CVE-2025-3982

nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution

CVSS 5.3 MEDIUMEPSS 0.5%CWE-1321 CWE-94

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Apr 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

nortikin · Sverchok

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/superboy-zjc/a31b8ea7466f91b437598297bf5cbce8 https://vuldb.com/?ctiid.306318 https://vuldb.com/?id.306318 https://vuldb.com/?submit.557411