CVE-2025-23165 — Vulnetix

CVE-2025-23165 PUBLISHED

EPSS 0.56% · 68.7th percentile

Risk Scores

EPSS Score

0.56%

68.7th percentile

Affected Products

Vendor	Product	Versions
Amazon	nodejs22
Amazon	nodejs20

Exploit Intelligence

Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. (hackerone)
Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. (hackerone)
Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. (hackerone)

Timeline

CVE Published
May 15, 2025 PoC Published
May 19, 2025 EPSS Score
May 19, 2025 Coalition ESS Score
May 27, 2025 Coalition ESS Score
May 30, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 22, 2025 EPSS Score
Jul 3, 2025 EPSS Score
Jul 14, 2025 EPSS Score
Jul 25, 2025 EPSS Score
Aug 6, 2025 EPSS Score

References

ALAS2023-2025-1009: nodejs22 (important) advisory
ALAS2023-2025-1010: nodejs20 (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›