CVE-2025-61140

high

Red Hat

CVSS v3 Base Score

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: January 28, 2026

Last Modified: January 28, 2026

Vendor: Red Hat

Description

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CWE

CWE-502

Affected Products

Migration Toolkit for VirtualizationOpenShift PipelinesRed Hat Ansible Automation Platform 2Red Hat Developer HubRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Fuse 7Red Hat OpenShift AI (RHOAI)Red Hat Quay 3Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2.6

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 gist.github.com 🔗 github.com

CVE-2025-61140

Vulnerability Report

Description

CWE

Affected Products

Fix Status

References