What is GHSA-x5gf-qvw8-r2rm?

GHSA-x5gf-qvw8-r2rm is a security advisory published by GitHub Security Advisories with Low severity. pm2 Regular Expression Denial of Service vulnerability

Which CVE IDs does GHSA-x5gf-qvw8-r2rm cover?

GHSA-x5gf-qvw8-r2rm covers the following CVE IDs: CVE-2025-5891. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-x5gf-qvw8-r2rm?

GHSA-x5gf-qvw8-r2rm has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

Which products are affected by GHSA-x5gf-qvw8-r2rm?

GHSA-x5gf-qvw8-r2rm affects 1 product, including: npm/pm2:\u003c 7.0.0.

GHSA-x5gf-qvw8-r2rmLowCVSS 4.3

pm2 Regular Expression Denial of Service vulnerability

Vendor

GitHub Security Advisories

Published

June 9, 2025

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2025-5891 →

📋 Description

A vulnerability classified as problematic was found in Unitech pm2 prior to 7.0.0. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

🎯 Affected products1

npm/pm2:< 7.0.0

🔗 References (11)

https://nvd.nist.gov/vuln/detail/CVE-2025-5891
https://github.com/Unitech/pm2/pull/5971
https://gist.github.com/mmmsssttt404/407e2ffe3e0eaa393ad923a86316a385
https://vuldb.com/?ctiid.311662
https://vuldb.com/?id.311662
https://vuldb.com/?submit.585750
https://github.com/Unitech/pm2/issues/6075
https://github.com/Unitech/pm2/commit/8b9354800a1d157cb9503a3ec414ef1e4700dc1c
https://github.com/Unitech/pm2/blob/ba62cae9b9b7116ee758b70f538919a52515fa26/CHANGELOG.md?plain=1#L36
https://github.com/Unitech/pm2/releases/tag/v7.0.0
https://github.com/advisories/GHSA-x5gf-qvw8-r2rm