HeadlinesBriefing.com

Lodash Vulnerability CVE-2025-13465 Explained

Source: DEV Community

A critical vulnerability in the widely used Lodash library, identified as CVE-2025-13465, allows attackers to delete essential properties from the global `Object` prototype, leading to widespread Denial of Service (DoS) and logic failures. Unlike traditional prototype pollution, which adds or overwrites prototype properties, this flaw abuses the `_.unset` and `_.omit` functions to remove core language methods such as `toString` or `hasOwnProperty`.

This issue affects Lodash versions prior to 4.17.23. An attacker can supply a path such as `__proto__.toString` to delete the `toString` method from `Object.prototype`, causing every object in the application to lose that method. Application logic that relies on these methods then fails outright, or, where a check silently stops working, becomes a security vulnerability.

The fix involves strict validation of path segments to prevent access to `__proto__` and `constructor`. Users are advised to update to Lodash 4.17.23 or higher and to audit their dependency tree so that transitive copies of Lodash are updated as well. Additionally, developers can mitigate the risk by rejecting inputs containing `__proto__`, `constructor`, or `prototype`, and by calling `Object.freeze(Object.prototype)` to prevent modifications.
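As an added example (not code from the DEV Community post or from Lodash itself), the following JavaScript helper applies the two mitigations described above to a Lodash-style `unset` operation: it refuses any path segment named `__proto__`, `constructor` or `prototype`, and it walks only own properties, so an inherited accessor such as `__proto__` is never followed. The function names `toPathSegments`, `isSafePath`, `safeUnset` and `prototypeIsIntact` are my own; an `omit` wrapper would gate its paths through the same `isSafePath` check.

```javascript
// Segments that must never be traversed by a path-based delete/omit helper.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a Lodash-style path ("a.b[0]", "a['__proto__'].b", or an array)
// into plain string segments. Bracket access is normalised to dot access
// first so a quoted "__proto__" inside brackets cannot slip past the check.
function toPathSegments(path) {
  if (Array.isArray(path)) return path.map(String);
  return String(path)
    .replace(/\[(['"]?)(.*?)\1\]/g, '.$2')
    .split('.')
    .filter(Boolean);
}

// Mitigation 1 from the article: reject paths that reach into the prototype.
function isSafePath(path) {
  return toPathSegments(path).every((seg) => !FORBIDDEN_SEGMENTS.has(seg));
}

// Hardened unset: throws on unsafe paths, and only ever deletes an own
// property reached through own properties. Returns true when something
// was deleted, false when the path did not resolve to an own property.
function safeUnset(obj, path) {
  const segments = toPathSegments(path);
  if (!isSafePath(segments)) {
    throw new TypeError(`refusing to unset unsafe path: ${segments.join('.')}`);
  }
  const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  let current = obj;
  for (const key of segments.slice(0, -1)) {
    // Mitigation 2: never follow the prototype chain while walking.
    if (current === null || typeof current !== 'object' || !hasOwn(current, key)) return false;
    current = current[key];
  }
  const last = segments[segments.length - 1];
  if (current === null || typeof current !== 'object' || !hasOwn(current, last)) return false;
  // Reflect.deleteProperty reports failure instead of throwing in strict mode.
  return Reflect.deleteProperty(current, last);
}

// Health check a service can run after handling untrusted paths: the core
// methods the advisory names must still be present on Object.prototype.
function prototypeIsIntact() {
  return typeof Object.prototype.toString === 'function'
    && typeof Object.prototype.hasOwnProperty === 'function';
}
```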

This vulnerability underscores the importance of maintaining and updating popular libraries. With Lodash being a staple in many JavaScript projects, prompt remediation is crucial to avoid severe security and stability issues.