VDB
BDU%3A2025-09382
BDU%3A2025-09382
PUBLISHED
CVSS 6.199999809265137 MEDIUM
Уязвимость функции path.normalize() программной платформы Node.js, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
Risk Scores
CVSS 2.0
6.199999809265137
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node.js Foundation | Node.js |
Exploit Intelligence
- 2 web apps vulnerable to CVE-2025-27210 (github-poc)
- (PoC) CVE-2025-27210, a precise Path Traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names (github-poc)
- safe-path.cjs (github-poc)
Timeline
- Aug 4, 2025 CVE Published
- Sep 26, 2025 CVE Updated
References
- https://nodejs.org/en/blog/vulnerability/july-2025-security-releases#hashdos-in-v8-cve-2025-27209---high url
- https://1275.ru/vulnerability/kriticheskie-uyazvimosti-v-node-js-ugrozhayut-bezopasnosti-windows-prilozheniy-patch-traversal-i-hashdos-ataki_13006 url
- https://github.com/mindeddu/Vulnerable-CVE-2025-27210 url