CVE-2025-57330 | web3-core-subscriptions up to 1.10.4 attachToObject prototype pollution

September 24, 2025 Yanac

A vulnerability was found in web3-core-subscriptions up to 1.10.4 and classified as problematic. This affects the function attachToObject. Such manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is traded as CVE-2025-57330. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.VulDB Recent EntriesRead More