CVE-2025-27209 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-27209 PUBLISHED CVSS 8.699999809265137 HIGH

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even without knowing the hash-seed. * This vulnerability affects Node.js v24.x users.

EPSS 0.02% · 5.7th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

5.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	node	24.0.0
Bitnami	node-min	24.0.0, 24.0.0, 24.0.0
Bitnami	node	24.0.0, 24.0.0, 24.0.0
Bitnami	node-min	24.0.0

Timeline

CVE Published
Jul 15, 2025 PoC Published
Jul 19, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 5, 2025 EPSS Score
Aug 14, 2025 EPSS Score
Aug 22, 2025 EPSS Score
Aug 31, 2025 EPSS Score
Sep 9, 2025 EPSS Score
Sep 17, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 4, 2025 EPSS Score

References

Open in Interactive Console →