Overview
A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields() function in the extra module. The program’s library contains a method called setByPath() that does not properly sanitize property names, allowing attackers to add or modify properties on an object’s prototype.
Description
The CASL library provides a robust suite for managing attribute-based access control across various components, services, and queries. Access control is defined with a set of rule conditions. The library provides a set of default values for these conditions.
In JavaScript libraries like CASL, prototypes are template objects that serve as blueprints and inform the properties of their child objects. By exploiting this prototype pollution vulnerability, an attacker can inject arbitrary properties into global object prototypes, thereby affecting all child objects that inherit from them. The issue arises from a flaw in the setByPath() function, a component of the rulesToFields() function in the extra module.
The setByPath() function is intended to safely update only permitted fields; however, it fails to properly sanitize path segments before using them as object property keys. Consequently, special property names such as prototype and constructor are accepted as valid keys, allowing an attacker to modify the properties of object prototypes and constructor classes. Furthermore, the _proto_ special property can be used to traverse the prototype chain and ultimately write to Object.prototype, the root prototype of all objects. By polluting Object.prototype, an attacker can add arbitrary properties to all objects and compromise the prototype chain throughout the Node.js process.
Impact
As Object.prototype is the root prototype that all JavaScript objects inherit from, changes to its properties can be significant, allowing an attacker to execute arbitrary code and potentially leading to a complete system compromise. Additionally, an attacker can bypass intended authorization logic, allowing unauthorized access to sensitive resources. Furthermore, changes to Object.prototype can cause unintended behavior in application code, leading to logic manipulation and potentially allowing an attacker to perform actions that would normally be restricted.
Manipulating properties in Object.prototype can also cause crashes or unexpected behavior if polluted properties do not match expected types in the application code, leading to a denial of service. Overall, the Object.prototype pollution vulnerability poses a significant risk to applications and systems. Because the vulnerability exists in the CASL library, which is used by multiple applications and services, a single exploit can have a ripple effect, compromising multiple systems and potentially leading to a widespread security breach.
Solution
Users of the library should upgrade to version 6.7.5 or later, found at https://github.com/stalniy/casl/tree/master/packages/casl-ability.
Acknowledgements
Thanks to Maor Caplan from the Alma Security for coordinating the disclosure of this vulnerability. This document was written by Ayushi Kriplani and Dr. E. Drennan, CISSP.

Microsoft has confirmed an issue

Overview
An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory access.
Description
libheif is an open-source library used for decoding and encoding modern image formats, including HEIF (High Efficiency Image File Format) and AVIF (AV1 Image File Format). These formats provide high compression efficiency and are widely used across mobile devices and online platforms.
libheif contains an out-of-bounds iterator access vulnerability in its uncompressed codec. The issue occurs when the decoder processes certain metadata structures within a HEIF file. Specifically, the decoder fails to adequately validate values read from an internal metadata box before performing iterator arithmetic on the underlying data buffer.
As a result, a malformed HEIF file can cause the decoder to read past the end of the input buffer and incorrectly interpret unrelated memory as valid metadata. This invalid memory access may lead to a segmentation fault during image decoding.
The CVE-2025-65586 captures this out-of-bounds checking flaw in libheif’s uncompressed codec that allows a maliciously crafted HEIF file to trigger an out-of-bounds read, resulting in a segmentation fault and denial of service when the file is parsed. The vulnerability was introduced in commit 6190b58f (October 3, 2024). Versions v1.19.0 through Versions 1.20.2 are affected by this vulnerbaility. The versions v1.17.6 and earlier are not affected. The issue was reported to the libheif project and has been fixed in commit f4d9157 (November 5, 2025) and then merged to the version release 1.21.0 at the end of 2025.
Impact
An attacker can exploit this vulnerability by supplying a maliciously crafted HEIF image, causing applications that use libheif to crash. Based on current analysis, exploitation is limited to denial-of-service conditions.
Potential impacts include

Unexpected termination of applications that decode HEIF images
Crashes in systems that automatically generate previews or thumbnails
Disruption of services that process untrusted HEIF content (e.g., browsers, email clients, photo management tools)

There is no evidence at this time that this vulnerability can be used to achieve memory disclosure or arbitrary code execution.
Discovery
The vulnerability was discovered through coverage-guided fuzzing using AddressSanitizer-instrumented builds of libheif. The issue was reproducible across standard Linux development environments.
Solution
Software vendors and developers using the libheif library are strongly encouraged to update to version 1.21.0 or later, which includes the fix for this vulnerability. End users should apply available software updates to ensure they are running a version of libheif that addresses this issue.
Acknowledgements
Thanks to the reporter Maor Caplan for identifying the vulnerability and to Dirk Farin for implementing the fix.
This document was written by Timur Snoke.