A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT) during garbage collection and causes a denial-of-service.
CVE-2025-69653
NONE
EPSS 0.04%
Updated Mar 06, 2026
CVE Details
CVE ID
CVE-2025-69653
Published Date
Mar 06, 2026
Vendor
Not specified
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.04%
Likelihood of exploitation in next 30 days
Percentile:
12.2th percentile (higher than 12.2% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory