CVE-2025-57320: 
JavaScript vulnerability analysis and mitigation

A Prototype Pollution vulnerability (CVE-2025-57320) was discovered in json-schema-editor-visual through version 1.1.1. The vulnerability exists in the setData and deleteData functions, which allow attackers to inject or delete properties on Object.prototype via crafted payloads. This can lead to denial of service (DoS) as a minimum consequence (NVD).

The vulnerability is classified as a CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes). The CVSS v3.1 base score is 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L. The vulnerability affects the setData and deleteData functions in the package, which fail to properly validate input, allowing for prototype pollution attacks (NVD).

Successful exploitation of this vulnerability can lead to denial of service (DoS) as a minimum consequence. The vulnerability allows attackers to modify or delete properties on the Object.prototype, which can affect the behavior of the application and potentially lead to service disruption (NVD).

Users should upgrade to a version newer than 1.1.1 when available. Until a patch is released, users should implement input validation and sanitization mechanisms to prevent prototype pollution attacks (NVD).