CVE-2025-27210 — Vulnetix

CVE-2025-27210 PUBLISHED

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.

EPSS 7.72% · 92.1th percentile

Risk Scores

EPSS Score

7.72%

92.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	node-min	24.0.0, 22.0.0, 4.0.0
Bitnami	node	4.0.0, 24.0.0, 22.0.0
Bitnami	node-min	4.0.0, 22.0.0, 24.0.0
Bitnami	node	4.0.0, 22.0.0, 24.0.0

Timeline

CVE Published
Jul 15, 2025 PoC Published
Jul 19, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 15, 2025 EPSS Score
Aug 16, 2025 EPSS Score
Sep 3, 2025 EPSS Score
Sep 12, 2025 EPSS Score
Sep 21, 2025 EPSS Score
Oct 9, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 27, 2025 EPSS Score

References

https://nodejs.org/en/blog/vulnerability/july-2025-security-releases url
https://nvd.nist.gov/vuln/detail/CVE-2025-27210 url
http://www.openwall.com/lists/oss-security/2025/07/22/2 url
Vulnérabilité dans Tenable Identity Exposure advisory

Open in Interactive Console →