CVE-2025-66456
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Description
Prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an `any` type that is set as a `standalone` guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker. ### Impact Routes with more than 2 standalone schema validation, eg. zod Example vulnerable code: ```typescript import { Elysia } from "elysia" import * as z from "zod" const app = new Elysia() .guard({ schema: "standalone", body: z.object({ data: z.any() }) }) .post("/", ({ body }) => ({ body, win: {}.foo }), { body: z.object({ data: z.object({ messageId: z.string("pollute-me"), }) }) }) ``` ### Patches Patched by 1.4.17 (https://github.com/elysiajs/elysia/pull/1564) Reference commit: - https://github.com/elysiajs/elysia/pull/1564/commits/26935bf76ebc43b4a43d48b173fc853de43bb51e - https://github.com/elysiajs/elysia/pull/1564/commits/3af978663e437dccc6c1a2a3aff4b74e1574849e ### Workarounds Remove `__proto__` key from body Example plugin for removing `__proto__` from body ```typescript new Elysia() .onTransform(({ body, headers }) => { if (headers['content-type'] === 'application/json') return JSON.parse(JSON.stringify(body), (k, v) => { if (k === '__proto__') return return v }) }) ```
How to fix CVE-2025-66456
To remediate CVE-2025-66456, upgrade the affected package to a fixed version below.
- —upgrade to 1.4.17 or later
Is CVE-2025-66456 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.4.0, < 1.4.17