CVE-2025-11849
Mammoth · mammoth (npm package)
A vulnerability exists in the mammoth software package affecting versions prior to 1.11.0.
Executive summary
A critical vulnerability in the mammoth npm package requires immediate attention to prevent exploitation of applications that use this library.
Vulnerability
The exact nature of this vulnerability is not specified in the provided data; however, it is classified as critical, so an immediate upgrade to the latest available version is necessary.
Business impact
A CVSS score of 9.3 indicates a high risk of remote code execution or significant data exposure. Organizations relying on this package for document processing must assess the potential for system compromise, which could lead to unauthorized data access or disruption of business-critical document workflows.
Remediation
Immediate Action: Update the mammoth package to version 1.11.0 or later so that all known security patches are applied.
Proactive Monitoring: Review application dependency trees and monitor for anomalous behaviour in services that use the mammoth library.
Compensating Controls: Use software composition analysis (SCA) tools to identify and block vulnerable versions of dependencies in the development pipeline.
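As an added illustration of the dependency-review step above (example code, not part of this advisory or of the mammoth project), the following Python script scans an npm package-lock.json for mammoth entries below the fixed version and reports each vulnerable copy, including nested ones pulled in transitively. The only fact taken from the advisory is that 1.11.0 is the first fixed release; the affected range is assumed to be every earlier version, and the two lockfiles below are constructed samples.

```python
import json
import re

# First fixed release according to the advisory; everything below is assumed affected.
FIXED_VERSION = (1, 11, 0)

_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_semver(version: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH[-pre][+build]' into a comparable tuple.

    The fourth element makes a pre-release (e.g. 1.11.0-rc.1) sort before
    the corresponding release (1.11.0), as semver requires."""
    m = _SEMVER.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)


def is_vulnerable(version: str) -> bool:
    """True when the given mammoth version is older than the fixed release."""
    return parse_semver(version) < (*FIXED_VERSION, 1)


def find_vulnerable_mammoth(lockfile_text: str) -> list:
    """Return sorted (path, version) pairs for every vulnerable mammoth copy
    in a package-lock.json, supporting lockfileVersion 1, 2 and 3 layouts."""
    lock = json.loads(lockfile_text)
    hits = set()

    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        name = path.split("node_modules/")[-1]
        if name == "mammoth" and "version" in meta and is_vulnerable(meta["version"]):
            hits.add((path, meta["version"]))

    # lockfileVersion 1: nested "dependencies" tree, walked recursively.
    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version")
            if name == "mammoth" and version and is_vulnerable(version):
                hits.add((path, version))
            walk(meta.get("dependencies", {}), path + "/")

    if "packages" not in lock:
        walk(lock.get("dependencies", {}), "")

    return sorted(hits)


# Constructed sample lockfiles (not from any real project).
SAMPLE_LOCKFILE_V3 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/mammoth": {"version": "1.8.0"},
        "node_modules/docx-tool": {"version": "2.0.0"},
        "node_modules/docx-tool/node_modules/mammoth": {"version": "1.11.0"},
    },
})

SAMPLE_LOCKFILE_V1 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 1,
    "dependencies": {
        "mammoth": {"version": "1.9.0"},
        "other": {
            "version": "1.0.0",
            "dependencies": {"mammoth": {"version": "1.11.2"}},
        },
    },
})


if __name__ == "__main__":
    for label, text in (("v3", SAMPLE_LOCKFILE_V3), ("v1", SAMPLE_LOCKFILE_V1)):
        for path, version in find_vulnerable_mammoth(text):
            print(f"[{label}] vulnerable mammoth {version} at {path}")
```

Run it against a real lockfile by replacing the sample text with the file contents; a non-empty result means the upgrade has not reached every copy of the package, which is easy to miss when a nested dependency pins its own mammoth version.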
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations should treat this dependency update as high priority. Given the CVSS score, update the affected package immediately to close the security gap and protect the integrity of dependent applications.