github · corridormatt · Apr 27, 2026
diff --git a/advisories/github-reviewed/2025/06/GHSA-x5gf-qvw8-r2rm/GHSA-x5gf-qvw8-r2rm.json b/advisories/github-reviewed/2025/06/GHSA-x5gf-qvw8-r2rm/GHSA-x5gf-qvw8-r2rm.json
@@ -1,21 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x5gf-qvw8-r2rm",
-  "modified": "2026-01-09T21:37:25Z",
+  "modified": "2026-01-09T21:37:47Z",
   "published": "2025-06-09T21:30:51Z",
   "aliases": [
     "CVE-2025-5891"
   ],
   "summary": "pm2 Regular Expression Denial of Service vulnerability",
   "details": "A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.8. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
-    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -32,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "6.0.14"
+              "last_affected": "6.0.6"
             }
           ]
         }
@@ -74,7 +70,7 @@
       "CWE-1333",
       "CWE-400"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-06-10T22:52:17Z",
     "nvd_published_at": "2025-06-09T19:15:25Z"