Security issue: ReDoS vulnerability detected in pm2@5.4.3

[iamnikhilnikki]

📌 Security Issue: Regular Expression Denial of Service (ReDoS) in pm2@5.4.3

 

A Regular Expression Denial of Service (ReDoS) vulnerability has been reported in pm2 version 5.4.3.

 

---

 

🛑 Vulnerability Details:

 

• CVE: CVE-2025-5891
• Snyk Advisory: SNYK-JS-PM2-10335843
• Severity: Medium (CVSS 6.9)
• Exploit Maturity: Proof of Concept available

 

📦 Affected Package Path:

 

[huineng]

also being reported for pm2-6.0.8.tgz 6.0.8

[huineng]

also reported by npm/github GHSA-x5gf-qvw8-r2rm

[chaymankala]

Fixed this vulnerability and raised a PR #6015
please check!

[OIRNOIR]

#5971 also fixes this vulnerability