CVE-2025-23085 — Vulnetix

CVE-2025-23085 PUBLISHED

EPSS 0.16% · 37.3th percentile

Risk Scores

EPSS Score

0.16%

37.3th percentile

Affected Products

Vendor	Product	Versions
Amazon	nodejs20
Amazon	nodejs

Exploit Intelligence

GOAWAY HTTP/2 frames cause memory leak outside heap (hackerone)
GOAWAY HTTP/2 frames cause memory leak outside heap (hackerone)
GOAWAY HTTP/2 frames cause memory leak outside heap (hackerone)

Timeline

CVE Published
Feb 6, 2025 PoC Published
Feb 7, 2025 Coalition ESS Score
Feb 7, 2025 Coalition ESS Score
Feb 8, 2025 EPSS Score
Feb 23, 2025 EPSS Score
Feb 25, 2025 Coalition ESS Score
Mar 9, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 22, 2025 EPSS Score
May 7, 2025 EPSS Score

References

ALAS2023-2025-843: nodejs (medium) advisory
ALAS2023-2025-822: nodejs20 (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›