A critical security vulnerability has been discovered in the widely used FormData npm package, affecting millions of Node.js applications worldwide.
The vulnerability, designated as CVE-2025-7783, stems from the package’s use of the predictable Math.random() A function to generate boundary values for multipart form-encoded data, potentially allowing attackers to inject malicious parameters into HTTP requests and gain unauthorized access to internal systems.
https://cyberpress.org/javascript-library-flaw/