CVE-2025-4727 | Meteor up to 3.2.1 livedata_server.js Object.assign forwardedFor redos (Issue 13713)

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity.

The identification of this vulnerability is CVE-2025-4727. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More