CVE-2025-7783 – Use of Insufficiently Random Values (HTTP Parameter Pollution)

Severity: Low

2025-12-19


Abstract

A Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). The vulnerability is associated with the program file lib/form_data.js. This issue affects form-data versions < 2.5.4, 3.0.0 - 3.0.3, and 4.0.0 - 4.0.3.

The Oxygen products incorporate the form-data package as a third-party library. This advisory was opened to address the potential impact of this third-party library’s vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen Content Fusion v8.1 and older | Low | Oxygen Content Fusion 8.2 build 2025082116 |
| Oxygen XML Web Author v27.1.0 and older | None | Oxygen XML Web Author 27.1.0 build 2025082715 |

Mitigation

None

Detail

CVE-2025-7783

Severity: Critical

CVSS Score: 9.4

A vulnerability in the form-data package allows HTTP Parameter Pollution (HPP) due to use of insufficiently random multipart boundaries. An attacker could exploit weak boundary values in multipart/form-data requests to manipulate downstream parameter parsing. Affected upstream versions are: < 2.5.4, 3.0.0–3.0.3, and 4.0.0–4.0.3. Component: form-data (JavaScript).

We reviewed where form-data is introduced and how it is used in our products. Our analysis indicates our code paths do not invoke form-data’s boundary generation. We have nonetheless updated dependencies to non‑vulnerable versions.
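The dependency review described above can be started from an npm lockfile. The following is an added example, not Oxygen's or the form-data project's code: it lists every form-data copy recorded in a package-lock.json and flags versions inside the affected ranges stated in this advisory. The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected form-data ranges from this advisory: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
// Returns true/false, or null when the version string cannot be parsed.
// Pre-release suffixes are ignored (assumption: "4.0.4-rc.1" is treated as 4.0.4).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return null;
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major < 2) return true;
  if (major === 2) return minor < 5 || (minor === 5 && patch < 4);
  if (major === 3 || major === 4) return minor === 0 && patch <= 3;
  return false;
}

// List every form-data copy in a parsed package-lock.json, including copies
// nested under other packages. Handles the lockfileVersion 2/3 "packages" map
// and falls back to the lockfileVersion 1 nested "dependencies" tree.
function findFormData(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, affected: isAffected(version) });
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/form-data' || path.endsWith('/node_modules/form-data')) {
      record(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'form-data') record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from any Oxygen product).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/form-data': { version: '4.0.4' },
    'node_modules/axios/node_modules/form-data': { version: '4.0.2' },
    'node_modules/request/node_modules/form-data': { version: '2.3.3' },
  },
};

for (const h of findFormData(sampleLock)) {
  const status = h.affected === null ? 'REVIEW' : h.affected ? 'AFFECTED' : 'ok';
  console.log(`${status}\t${h.version}\t${h.path}`);
}
```

To check a real project, pass the parsed contents of its package-lock.json to `findFormData` in place of `sampleLock`.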
