CVE-2025-13465

🗓️ 21 Jan 2026 19:05:28Reported by openjsType

Prototype pollution in Lodash unset and omit risks deleting global prototype properties; fixed in 4.17.23.

Reporter	Title	Published	Views	Family All 386
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI	26 May 202614:03	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Lodash	24 Apr 202616:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:49	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software	22 Jun 202614:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-13465)	10 Mar 202614:43	–	ibm
IBM Security Bulletins	Security Bulletin: Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier	8 Jun 202618:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for January 2026 - Multiple CVEs addressed	11 Feb 202607:25	–	ibm
IBM Security Bulletins	Security Bulletin: : Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in dependencies	8 Jun 202614:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.	30 Apr 202612:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in lodash and lodash-es (CVE-2026-2950, CVE-2026-4800)	2 Jun 202611:19	–	ibm

NVD

Node

lodash lodashRange4.0.0–4.17.23node.js

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "https://github.com/lodash/lodash"
    ],
    "packageName": "lodash",
    "product": "Lodash",
    "repo": "https://github.com/lodash/lodash",
    "vendor": "Lodash",
    "versions": [
      {
        "lessThanOrEqual": "4.17.22",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "https://github.com/lodash/lodash"
    ],
    "product": "Lodash-amd",
    "repo": "https://github.com/lodash/lodash",
    "vendor": "Lodash-amd",
    "versions": [
      {
        "lessThanOrEqual": "4.17.22",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "https://github.com/lodash/lodash"
    ],
    "product": "lodash-es",
    "repo": "https://github.com/lodash/lodash",
    "vendor": "lodash-es",
    "versions": [
      {
        "lessThanOrEqual": "4.17.22",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "https://github.com/lodash/lodash"
    ],
    "product": "lodash.unset",
    "repo": "https://github.com/lodash/lodash",
    "vendor": "lodash.unset",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-253495.html

17 Jun 2026 08:34Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3

CVSS 47.9

EPSS0.00317

SSVC

CWE-1321