CVE-2025-61140

Severity: high (Red Hat)
CVSS v3 Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 0.1% (exploitation probability in 30 days; top 80% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Confidentiality: High
Integrity: High
Availability: High

Published: January 28, 2026 (107 days ago)
Last Modified: January 28, 2026
Vendor: Red Hat
Fix Available: ✓ Yes

Description

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CWE

CWE-502

Affected Products

Migration Toolkit for Virtualization
OpenShift Pipelines
Red Hat Ansible Automation Platform 2
Red Hat Developer Hub
Red Hat Enterprise Linux AI (RHEL AI) 3
Red Hat Fuse 7
Red Hat OpenShift AI (RHOAI)
Red Hat Quay 3
Red Hat Ansible Automation Platform 2.5
Red Hat Ansible Automation Platform 2.6

Fix Status

✅ Fix Available
