CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

We have discovered 782 live websites that are affected by CVE-2025-61140.

Run a Free Instant Scan



Affected Software

Product  jsonpath
Category JavaScript Libraries
Vulnerable Domains782 live websites (100% of jsonpath install base)
Vulnerable Versions
  • from 0 through 1.1.1
Vulnerable Versions Count2 versions ( 100% of all versions)



Details

  • Published - Jan 28, 2026
  • Updated - Jan 29, 2026

Website Distribution by Country

Number of websites using CVE-2025-61140
United States269 websites


Taiwan449 websites
Malaysia14 websites
Hong Kong12 websites
Korea, South10 websites
Switzerland3 websites
Germany3 websites
France3 websites
Denmark2 websites
Singapore2 websites

Website Distribution by TLD

Number of websites using CVE-2025-61140
.com216 websites
.net4 websites
.co3 websites
.ch2 websites
.io2 websites
.com.cn1 websites
.eu1 websites
.nl1 websites
.se1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-61140

Top websites that are affected by CVE-2025-61140. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.com United States**,***
*******.com United States***,***
**.**********.com United States***,***
********.***.tw Taiwan***,***
******.***.tw Germany***,***
*************.tw United States***,***
****.***.***.tw Taiwan***,***
********.***.tw Taiwan***,***
****.******.***.tw Taiwan***,***
****.******.***.tw Taiwan***,***
See full domain list

FAQ

A total of 782 websites have been identified as vulnerable to CVE-2025-61140, based on global website indexing conducted by WebTechSurvey.
The jsonpath is affected by the CVE-2025-61140 vulnerability.
jsonpath versions up to and including 1.1.1 are vulnerable to CVE-2025-61140.