CVE-2025-66456 in elysia
Summary
by MITRE • 12/09/2025
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker. This issue is fixed in version 1.4.17. To workaround, remove the `__proto__` key from body.
Analysis
by VulDB Data Team • 12/17/2025
The vulnerability identified as CVE-2025-66456 affects the Elysia Typescript framework in versions 1.4.0 through 1.4.16. The defect resides in the `mergeDeep` function, which consolidates the results of schema validations during request processing. Elysia validates a request against every schema that applies to it (route-level schemas plus standalone guards) and merges the validated outputs; when two of those validations produce the same key, `mergeDeep` recursively merges the two values. Because the merge does not exclude the `__proto__` key, an attacker-supplied `__proto__` entry in the request body can be merged into the target object, and a recursive merge into `target["__proto__"]` writes directly into `Object.prototype`.
The trigger condition described in the advisory is specific: because of the order in which validation results are merged, an attacker needs a standalone guard whose schema is typed as `any`. That guard passes the attacker's `__proto__` entry through untouched, so it is still present when `mergeDeep` combines it with the other validation result for the same key. Once the merge recurses into the prototype, any property the attacker places under `__proto__` in the request body becomes visible on every object that inherits from `Object.prototype`, which is the classic prototype pollution primitive. The vulnerability sits at the intersection of missing input filtering (the `__proto__` key is accepted) and unsafe object merging logic (the merge recurses into inherited properties).
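The following is an added example, not Elysia's own `mergeDeep`, that reproduces the merge defect the advisory describes on a minimal deep-merge function and places a hardened version beside it. It does not model Elysia's guard ordering or the `any`-typed standalone guard; it assumes only that the request body is parsed with `JSON.parse` (which turns a `"__proto__"` key into an ordinary own property) and that the two validation results are plain objects. The attacker body is constructed for the demonstration. The hardened merge applies the advisory's workaround (dropping `__proto__`) at the merge site and additionally skips `constructor` and `prototype`, a general hardening that goes beyond what the advisory requires.

```typescript
// Added example (not Elysia code): a deep merge that recurses into target[key]
// for any key is vulnerable to prototype pollution, because "__proto__" on a
// plain object resolves to Object.prototype.
type Dict = Record<string, unknown>;

function isPlainObject(v: unknown): v is Dict {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Vulnerable merge: no key filtering, recurses into inherited properties.
function mergeDeepVulnerable(target: Dict, source: Dict): Dict {
  for (const key of Object.keys(source)) {
    const s = source[key];
    const t = target[key]; // for key "__proto__" this is Object.prototype
    if (isPlainObject(s) && isPlainObject(t)) {
      mergeDeepVulnerable(t, s); // now writes into Object.prototype
    } else {
      target[key] = s;
    }
  }
  return target;
}

// Keys that must never be merged from untrusted input. "__proto__" is the key
// named in the advisory; the other two are added here as general hardening.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened merge: drops dangerous keys and only recurses into *own* plain objects.
function mergeDeepSafe(target: Dict, source: Dict): Dict {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const s = source[key];
    if (isPlainObject(s)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const t = own && isPlainObject(target[key]) ? (target[key] as Dict) : {};
      target[key] = mergeDeepSafe(t, s);
    } else {
      target[key] = s;
    }
  }
  return target;
}

// Constructed attacker request body. JSON.parse creates an own "__proto__"
// property here; it does not change the parsed object's prototype.
const ATTACKER_BODY = '{"name":"alice","__proto__":{"polluted":true}}';

// Runs one merge against a fresh "validated" object and reports whether a brand
// new, unrelated object now inherits the attacker's property. Pollution is
// removed afterwards so repeated calls start from a clean Object.prototype.
function demo(merge: (t: Dict, s: Dict) => Dict): { polluted: boolean; keys: string[] } {
  const validated: Dict = { name: "bob" }; // result of the first validation
  try {
    merge(validated, JSON.parse(ATTACKER_BODY) as Dict);
    const probe: Dict = {}; // never touched by the merge
    return { polluted: (probe as any).polluted === true, keys: Object.keys(validated) };
  } finally {
    delete (Object.prototype as any).polluted;
  }
}

console.log("vulnerable:", demo(mergeDeepVulnerable)); // polluted: true
console.log("hardened:  ", demo(mergeDeepSafe));       // polluted: false
```

Note that the vulnerable merge leaves no `__proto__` key on the merged result itself (`keys` is just `["name"]`), so inspecting the validated object after the fact does not reveal the pollution; the only visible effect is on unrelated objects, which is why the defect is easy to miss in testing.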
When combined with the separately reported GHSA-8vch-m3f4-q8jf, CVE-2025-66456 becomes particularly dangerous because the chain yields full remote code execution. On its own, prototype pollution gives an attacker control over properties that every object in the process inherits; whether that turns into code execution depends on what downstream code reads from those inherited properties. The second advisory supplies such a consumer, so the attacker first pollutes `Object.prototype` through `mergeDeep` and then uses the other flaw to turn the injected property into code that runs in the server process. The chain is a reminder that two individually limited defects can compound into a severe one, with the pollution providing the foothold that the RCE needs.
The impact therefore extends well beyond corrupting a single request's data: polluted prototypes alter the behavior of every object in the JavaScript runtime, and the chained RCE can lead to complete server compromise, data exfiltration and unauthorized access to backend services. Because Elysia sits directly on the request path, the attack requires nothing more than a crafted HTTP request whose body carries a `__proto__` key against an endpoint that meets the advisory's guard condition. Organizations running affected versions should assume the issue is reachable without authentication wherever such an endpoint is exposed.
The recommended mitigation is to upgrade to Elysia 1.4.17, which fixes the prototype pollution in `mergeDeep` so that schema validation results can no longer be merged into the prototype chain. As a temporary workaround, the advisory suggests removing the `__proto__` key from request bodies before they reach validation; this blocks the known vector but does not change the merge logic itself, so it should be treated as a stopgap until the upgrade is applied. The vulnerability is classified under CWE-471 (Modification of Assumed-Immutable Data), the category used here for prototype pollution; the more specific CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) describes the same weakness. The chained outcome maps to ATT&CK technique T1059.007 (Command and Scripting Interpreter: JavaScript). Organizations should also watch for request bodies containing `__proto__`, `constructor` or `prototype` keys, since legitimate clients have no reason to send them and their presence is a reliable indicator of an exploitation attempt.