AIKIDO-2025-10094

@octokit/endpoint is vulnerable to Regular Expression Denial of Service (ReDoS)

71

High

@octokit/endpoint JS

AIKIDO-2025-10094: @octokit/endpoint is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 2.1.0 - 9.0.5 and 10.0.0 - 10.1.2.

Regular Expression Denial of Service (ReDoS)
Vuln in 2.1.0 - 9.0.5
Fixed in 9.0.6
Vuln in 10.0.0 - 10.1.2
Fixed in 10.1.3
CVE-2025-25285
TL;DR

Who does this affect?

How can it be fixed?

Background info

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use.
The Intel vulnerability and malware feed is licensed under a dual license.