CVE Vulnerability Database

CVE-2025-57347: Dagre-d3-es Prototype Pollution RCE Flaw

CVE-2025-57347 is a prototype pollution vulnerability in dagre-d3-es, a Node.js graph layout package. Untrusted keys that reach the bk module's addConflict function are written through to Object.prototype, which can cause denial of service, logic bypasses and, where the application contains a suitable gadget, remote code execution. This article covers technical details, affected versions, exploitation risks, and mitigation.

Published: March 11, 2026

CVE-2025-57347 Overview

A prototype pollution vulnerability has been identified in the dagre-d3-es Node.js package, reported against version 7.0.9. It lies in the addConflict function of the bk module, which uses caller-supplied values as property names when writing into nested objects without checking them. An attacker who can supply a key such as __proto__ therefore writes through to Object.prototype and modifies the prototype chain shared by every ordinary object in the process.

Prototype pollution is particularly dangerous in JavaScript because every object that inherits from the polluted prototype is affected at once, including objects the attacker never touched. Successful exploitation can cause denial of service, unexpected application behaviour, or arbitrary code execution in applications where a polluted property is later read by code that treats it as executable content (a template, a command line, an eval-like call).

Critical Impact

This vulnerability lets an unauthenticated remote attacker pollute Object.prototype in any Node.js application that passes untrusted input to the affected function. The direct result is loss of integrity across every object in the process and, typically, denial of service. Escalation to arbitrary code execution or complete application compromise depends on an application-side gadget that consumes the polluted property; dagre-d3-es itself executes nothing.

Affected Products

  • tbo47 dagre-d3-es versions prior to 7.0.11 (the issue was reported against 7.0.9; 7.0.10 is also within the affected range)

Discovery Timeline

  • 2025-09-24 - CVE CVE-2025-57347 published to NVD
  • 2025-10-17 - Last updated in NVD database

Technical Details for CVE-2025-57347

Vulnerability Analysis

The vulnerability is classified under CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes), commonly known as Prototype Pollution. This class of vulnerability occurs when an application allows user input to modify the prototype of base objects in JavaScript.

In the case of dagre-d3-es, the addConflict function in the bk module uses its caller-supplied values directly as property names. When one of those values is __proto__, or the pair constructor followed by prototype, the write lands on Object.prototype instead of creating an ordinary own property on the intended object.

The CVSS vector is network-based: the flaw is reachable remotely with no user interaction or prior authentication, but only where an application passes attacker-controlled graph input (node identifiers, for example) into the affected layout code. Applications that only lay out graphs built from trusted, server-generated data are not exposed through this path.

Root Cause

The root cause is the absence of input sanitization in the addConflict function. When assigning properties to objects, the function does not check whether the property name is one of the special names that reach the prototype chain. In JavaScript, assigning through obj["__proto__"] invokes the inherited __proto__ accessor rather than creating an own property, and obj["constructor"]["prototype"] resolves to the same shared prototype object; the function guards against neither.

Proper input validation should reject the known dangerous names __proto__, constructor and prototype before performing any property assignment. Better still, keys that originate outside the application should be stored in a Map or in an object created with Object.create(null), which has no prototype for a hostile key to reach.

Attack Vector

The attack vector for CVE-2025-57347 is network-based, requiring no privileges or user interaction. An attacker can craft malicious input containing prototype pollution payloads (e.g., {"__proto__": {"polluted": true}}) and send it to an application using the vulnerable dagre-d3-es package.

When the application processes this input through the addConflict function in the bk module, the attacker's properties are written onto Object.prototype. From that point, every ordinary object in the process, whether it already exists or is created later, resolves those properties through inheritance, potentially leading to:

  1. Denial of Service: Polluting properties that cause application crashes, type errors or infinite loops
  2. Property Injection: Injecting properties that satisfy security checks (an inherited isAdmin or role field, for instance) or otherwise alter application logic
  3. Remote Code Execution: Only in applications where some code path treats an inherited property as code, a command or a template (a gadget); the library itself provides no such path
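The following is an added example, not code from dagre-d3-es or from the PoC repository. It models the unguarded nested-map write described in the Root Cause and Attack Vector sections with a deliberately simplified function; the names addConflictVulnerable and addConflictHardened and the (v, w) key pair are assumptions for illustration. It feeds the advisory's payload shape through the vulnerable sink, shows that a fresh object literal then inherits the injected property, and then shows the hardened form rejecting the same key while still working for benign input.

```javascript
// Added example, not dagre-d3-es code: a simplified model of the unguarded
// nested-map write behind CWE-1321. Function names and (v, w) are assumptions.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: both keys come from the caller unchecked. When v is
// "__proto__", conflicts[v] resolves (via the inherited accessor) to
// Object.prototype, so the inner assignment creates property w on every
// ordinary object in the process.
function addConflictVulnerable(conflicts, v, w) {
  conflicts[v] = conflicts[v] || {};
  conflicts[v][w] = true;
  return conflicts;
}

// Hardened pattern: refuse the three prototype-reaching names and keep the
// map prototype-less, so a missing key can never fall through to an
// inherited property.
function addConflictHardened(conflicts, v, w) {
  for (const k of [v, w]) {
    if (typeof k !== 'string' || FORBIDDEN_KEYS.has(k)) {
      throw new TypeError(`refusing unsafe key ${JSON.stringify(k)}`);
    }
  }
  if (!Object.prototype.hasOwnProperty.call(conflicts, v)) {
    conflicts[v] = Object.create(null);
  }
  conflicts[v][w] = true;
  return conflicts;
}

// Canary check: a fresh, empty object literal must not resolve the marker.
function isPolluted(marker) {
  return ({})[marker] !== undefined;
}

function demo() {
  const MARKER = 'polluted';
  // Constructed payload shaped like the one quoted in the advisory. JSON.parse
  // stores "__proto__" as an ordinary own property, so Object.keys returns it
  // and any loop that forwards parsed keys into the sink hands it straight through.
  const payload = JSON.parse('{"__proto__": {"polluted": true}}');
  const before = isPolluted(MARKER);

  const conflicts = {};
  for (const v of Object.keys(payload)) {
    for (const w of Object.keys(payload[v])) {
      addConflictVulnerable(conflicts, v, w);
    }
  }
  const afterVulnerable = isPolluted(MARKER);
  delete Object.prototype[MARKER]; // undo the pollution so the hardened run starts clean

  let hardenedThrew = false;
  try {
    addConflictHardened(Object.create(null), '__proto__', MARKER);
  } catch (e) {
    hardenedThrew = e instanceof TypeError;
  }
  const benign = addConflictHardened(Object.create(null), 'n1', 'n2');
  const hardenedWorks = benign.n1.n2 === true && isPolluted(MARKER) === false;
  return { before, afterVulnerable, hardenedThrew, hardenedWorks };
}
```

Calling demo() returns before: false, afterVulnerable: true, hardenedThrew: true and hardenedWorks: true. The important detail is the first line of addConflictVulnerable: conflicts[v] || {} looks like a safe initialiser, but for v equal to "__proto__" the lookup is truthy because it returns Object.prototype, so the "new" inner object is the shared prototype itself.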

Technical details and proof-of-concept information can be found in the GitHub PoC repository and the GitHub Issue Discussion.

Detection Methods for CVE-2025-57347

Indicators of Compromise

  • Properties that were never defined resolving on fresh objects: an empty object literal that reports a value for an unexpected key is the simplest runtime canary
  • Application crashes, type errors or hangs originating in code that iterates object keys or reads configuration-like properties
  • Unusual behavior in graph rendering or layout operations using dagre-d3-es
  • Request bodies or log entries containing the keys __proto__, constructor or prototype, which have no legitimate use in graph data

Detection Strategies

  • Implement dependency scanning tools to identify dagre-d3-es versions prior to 7.0.11 in your Node.js applications
  • Use static analysis tools capable of detecting prototype pollution patterns in JavaScript code
  • Monitor application logs for unusual property access patterns or prototype modification attempts
  • Deploy runtime application self-protection (RASP) solutions that can detect prototype pollution attacks

Monitoring Recommendations

  • Log every key rejected by your own input validation layer in front of dagre-d3-es (vulnerable versions perform no validation of their own, so there is nothing to capture from the library itself)
  • Implement application performance monitoring to detect unexpected behavior changes that may indicate prototype pollution
  • Set up alerts for package vulnerability notifications in your software composition analysis (SCA) tools
  • Monitor for unusual object property access patterns in runtime environments

How to Mitigate CVE-2025-57347

Immediate Actions Required

  • Audit your Node.js applications, including transitive dependencies, for dagre-d3-es versions prior to 7.0.11
  • Update dagre-d3-es to version 7.0.11 or later, where the vulnerability has been addressed
  • Implement input validation that rejects objects containing the keys __proto__, constructor or prototype at any depth before they are processed
  • Consider Object.freeze(Object.prototype) as a defense-in-depth measure in critical applications; it is irreversible for the process and can break libraries that legitimately extend Object.prototype, so test it in staging first

Patch Information

The vulnerability affects dagre-d3-es versions prior to 7.0.11. Organizations should update to version 7.0.11 or later to address this security issue. dagre-d3-es is frequently pulled in as a transitive dependency (mermaid, for example) rather than declared directly, so check the full dependency tree, not only package.json. Detailed information about the fix can be found in the GitHub Issue Discussion.

Workarounds

  • Implement a sanitization wrapper around user input that strips the dangerous property names (__proto__, constructor, prototype) at every nesting level before passing data to dagre-d3-es functions; a shallow check on top-level keys is not sufficient
  • Use Object.create(null) or a Map for any structure that stores user-controlled keys, so that there is no prototype for a hostile key to reach
  • Deploy a Web Application Firewall (WAF) with rules to detect and block prototype pollution payloads in incoming requests; treat this as monitoring rather than the primary control, since encoding variations can evade pattern rules
  • Where object operations must handle untrusted paths, use a current lodash release (older lodash versions had prototype pollution bugs of their own) or the no-proto package to harden object operations
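The following is an added example, not code from SentinelOne, dagre-d3-es or any of the packages named above. It serves the Detection Strategies, Immediate Actions and Workarounds lists together: a deep check for dangerous keys of the kind a WAF rule or input-validation middleware would apply to a parsed request body, a recursive sanitizer that rebuilds the structure without those keys, and Object.freeze(Object.prototype) as the last line of defense, with a strict-mode write showing what happens to a pollution attempt afterwards. The request body is constructed for the example.

```javascript
// Added example, not code from the project or vendor: request-level filtering
// and Object.freeze(Object.prototype) as defense in depth.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Detection: does any object at any depth carry a dangerous key? JSON.parse
// stores "__proto__" as an ordinary own property, so Object.keys sees it.
function containsDangerousKey(value) {
  if (Array.isArray(value)) return value.some(containsDangerousKey);
  if (value === null || typeof value !== 'object') return false;
  return Object.keys(value).some(
    (k) => DANGEROUS_KEYS.has(k) || containsDangerousKey(value[k]),
  );
}

// Sanitization: rebuild the structure, dropping dangerous keys at every level.
// Copying with out[k] = ... is only safe because the dangerous names are
// skipped first; out["__proto__"] = x would change out's prototype instead.
function stripDangerousKeys(value) {
  if (Array.isArray(value)) return value.map(stripDangerousKeys);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const k of Object.keys(value)) {
    if (DANGEROUS_KEYS.has(k)) continue;
    out[k] = stripDangerousKeys(value[k]);
  }
  return out;
}

// Defense in depth: once Object.prototype is frozen, a pollution attempt is a
// silent no-op in sloppy mode and a TypeError in strict mode. This is
// irreversible for the process and can break code that legitimately extends
// Object.prototype (old polyfills), so enable it deliberately, at startup.
function freezeObjectPrototype() {
  Object.freeze(Object.prototype);
}

function demoMitigations() {
  'use strict';
  // Constructed request body: the advisory's payload shape, a benign key, and a
  // nested constructor/prototype pair inside an array to exercise the deep walk.
  const body = JSON.parse(
    '{"name":"n1","__proto__":{"polluted":true},' +
    '"edges":[{"constructor":{"prototype":{"x":1}}}]}',
  );
  const flagged = containsDangerousKey(body);
  const cleaned = stripDangerousKeys(body);
  const cleanedKeys = Object.keys(cleaned);
  const cleanedEdgeKeys = Object.keys(cleaned.edges[0]);

  freezeObjectPrototype();
  let writeThrewAfterFreeze = false;
  try {
    Object.prototype['polluted'] = true; // what an unguarded sink would do
  } catch (e) {
    writeThrewAfterFreeze = e instanceof TypeError;
  }
  const pollutedAfterFreeze = ({}).polluted !== undefined;
  return { flagged, cleanedKeys, cleanedEdgeKeys, writeThrewAfterFreeze, pollutedAfterFreeze };
}
```

demoMitigations() returns flagged: true, cleanedKeys: ["name", "edges"], cleanedEdgeKeys: [], writeThrewAfterFreeze: true and pollutedAfterFreeze: false. In production the containsDangerousKey result is what you log and alert on (the page's "log entries showing attempts to set __proto__" indicator), stripDangerousKeys runs before the data reaches the layout code, and freezeObjectPrototype is called once at process start rather than per request.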
```bash
# Find every copy of dagre-d3-es in the dependency tree, including transitive ones
npm ls dagre-d3-es

# Update to the latest release (also rewrites the range in package.json)
npm install dagre-d3-es@latest

# Or explicitly install the fixed version
npm install dagre-d3-es@7.0.11

# Verify that no vulnerable version remains installed
npm ls dagre-d3-es
npm audit
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: RCE
  • Vendor/Tech: Dagre D3 Es
  • Severity: CRITICAL
  • CVSS Score: 9.8
  • EPSS Probability: 0.18%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Assessment (per the CVSS vector above)

  • Confidentiality: High
  • Integrity: High
  • Availability: High

CWE References

  • CWE-1321

Technical References

  • GitHub PoC for CVE-2025-57347
  • GitHub Issue Discussion
©2026 SentinelOne, All Rights Reserved.
