CVE-2025-57349 — The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions — CVE Database · The Intelligence Room