CVE-2025-59436 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-59436 PUBLISHED CVSS 3.200000047683716 LOW

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.

EPSS 0.01% · 1.8th percentile

Risk Scores

CVSS v3.1

3.200000047683716

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Score

0.01%

1.8th percentile

Affected Products

Vendor	Product	Versions
fedorindutny	ip	0

Timeline

Sep 16, 2025 CVE Published
Sep 16, 2025 EPSS Score
Sep 16, 2025 Coalition ESS Score
Sep 16, 2025 PoC Published
Sep 16, 2025 CVE Updated
Sep 23, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 12, 2025 EPSS Score
Oct 18, 2025 Coalition ESS Score

References

Open in Interactive Console →