VDB
CVE-2025-27209
CVE-2025-27209
PUBLISHED
CVSS 8.699999809265137 HIGH
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even without knowing the hash-seed. * This vulnerability affects Node.js v24.x users.
EPSS 0.15% · 35.1th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.15%
35.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 24.0.0 |
| Bitnami | node-min | 24.0.0, 24.0.0, 24.0.0 |
| Bitnami | node | 24.0.0, 24.0.0, 24.0.0 |
| Bitnami | node-min | 24.0.0 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/52369 (certbund)
- HashDoS in V8 (hackerone)
- HashDoS in V8 (hackerone)
- HashDoS in V8 (hackerone)
Timeline
- CVE Published
- Jul 15, 2025 PoC Published
- Jul 19, 2025 EPSS Score
- Jul 28, 2025 EPSS Score
- Aug 6, 2025 EPSS Score
- Aug 15, 2025 EPSS Score
- Aug 25, 2025 EPSS Score
- Sep 3, 2025 EPSS Score
- Sep 12, 2025 EPSS Score
- Sep 21, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 9, 2025 EPSS Score