CVE-2025-57810

7.5 HIGH

📋 TL;DR

CVE-2025-57810 is a denial-of-service vulnerability in the jsPDF library: user-controlled input to the addImage method can cause high CPU utilization. Attackers can supply malicious PNG files or URLs to trigger resource exhaustion. Any application that uses a vulnerable jsPDF version to generate PDFs from user-supplied images is affected.

💻 Affected Systems

Products:
  • jsPDF
Versions: All versions prior to 3.0.2
Operating Systems: All platforms using JavaScript/Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using jsPDF's addImage method with user-controlled input is vulnerable regardless of platform.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to CPU exhaustion, affecting all users of the application until manual intervention.

🟠 Likely Case: Degraded performance and intermittent service disruptions for users processing PDFs with images.

🟢 If Mitigated: Minimal impact with proper input validation and resource limits in place.

🌐 Internet-Facing: HIGH - Web applications accepting user uploads for PDF generation are directly exposed.
🏢 Internal Only: MEDIUM - Internal applications with trusted users are at lower risk but remain vulnerable to malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the ability to supply image data to the addImage method, making it simple to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.2

Vendor Advisory: https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw

Restart Required: No

Instructions:

1. Update the jsPDF dependency to version 3.0.2 or later.
2. For npm: 'npm update jspdf'.
3. For yarn: 'yarn upgrade jspdf'.
4. Verify the update in package.json.

🔧 Temporary Workarounds

Input validation and sanitization (applies to: all)

Implement strict validation of image inputs before passing them to the addImage method.

Resource limiting (applies to: all)

Implement CPU timeouts and resource limits for PDF generation processes.

🧯 If You Can't Patch

  • Implement strict input validation to reject or sanitize all user-provided image data before processing
  • Deploy rate limiting and resource quotas to prevent CPU exhaustion from repeated attacks

🔍 How to Verify

Check if Vulnerable:

Check package.json or node_modules/jspdf/package.json for version less than 3.0.2

Check Version:

npm list jspdf | grep jspdf
or
cat node_modules/jspdf/package.json | grep version

Verify Fix Applied:

Confirm jsPDF version is 3.0.2 or higher in package.json and verify the application processes test PNG files without CPU spikes

📡 Detection & Monitoring

Log Indicators:

  • Unusually high CPU usage during PDF generation
  • Multiple failed PDF generation attempts with image processing errors
  • Process timeouts or crashes in PDF generation services

Network Indicators:

  • Multiple large image uploads to PDF generation endpoints in short timeframes
  • Unusual patterns of image file uploads followed by PDF download requests

SIEM Query:

source="application_logs" AND ("PDF generation" OR "addImage") AND (cpu_usage > 90 OR process_timeout = true)
