MeldSecurity
Press Enter to search
CVE Database & Search โ†’
Sign In Get Started

CVE-2025-65570

๐Ÿšจ CRITICAL

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an โ€œinstanceofโ€ expression uses an array element access as the left-hand operand inside a for-i...

Published
Dec 29, 2025
Last Modified
Dec 31, 2025
Views
4
Bookmarks
0

Description

Request Expert Review

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an โ€œinstanceofโ€ expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout.

Affected Products (1)

jsish - jsish

Version: 2.0

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

blog.mcsky.ro blog.mcsky.ro

Additional Information

Source
cve@mitre.org
State
Analyzed

Related CVEs

CVE-2026-1139

HIGH

A vulnerability has been found in UTT ่ฟ›ๅ– 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The...

Score: 8.8

CVE-2026-1138

HIGH

A flaw has been found in UTT ่ฟ›ๅ– 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can...

Score: 8.8

CVE-2026-1137

HIGH

A vulnerability was detected in UTT ่ฟ›ๅ– 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig....

Score: 8.8

CVE-2026-1136

LOW

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bCont...

Score: 3.5

CVE-2026-1135

MEDIUM

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. T...

Score: 4.3

CVE-2026-1134

MEDIUM

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The ma...

Score: 4.3

Share CVE-2025-65570

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-65570 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis