WID-SEC-W-2025-0156
PUBLISHED
An attacker can exploit multiple vulnerabilities in Node.js to bypass security measures, disclose confidential information, cause a denial-of-service condition, or launch unspecified attacks.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source Node.js v21.x | ||
| Open Source Node.js v18.20.6 | ||
| Red Hat Enterprise Linux | ||
| Fedora Linux | ||
| Open Source Node.js v19.x | ||
| Gentoo Linux | ||
| Oracle Linux | ||
| Debian Linux | ||
| Open Source Node.js v17.x | ||
| IBM App Connect Enterprise | ||
| V24.0.0 | ||
| Open Source Node.js <v23.6.1 | ||
| Open Source Node.js v23.6.1 | ||
| Open Source Node.js <v20.18.2 | ||
| RESF Rocky Linux | ||
| Red Hat Enterprise Linux Developer Hub 1 | ||
| Open Source Node.js v20.18.2 | ||
| Open Source Node.js <v22.13.1 | ||
| Open Source Node.js <v18.20.6 | ||
| Open Source Node.js v22.13.1 | ||
Exploit Intelligence
- https://www.ibm.com/support/pages/node/7229110 (circl)
- https://linux.oracle.com/errata/ELSA-2025-7433.html (circl)
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0156.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0156 (circl)
- https://nodejs.org/en/blog/vulnerability/january-2025-security-releases (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-8e0ecb9bb6 (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-e330d34ecc (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-87a8af2834 (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-54958ff9e2 (circl)
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-76fc32d433 (circl)
Timeline
- Jan 21, 2025 CVE Published
- Jun 12, 2025 CVE Updated
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
- Apr 1, 2026 Distribution Patch
References
- https://www.ibm.com/support/pages/node/7229110 url
- https://linux.oracle.com/errata/ELSA-2025-7433.html url
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0156.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0156 advisory
- https://nodejs.org/en/blog/vulnerability/january-2025-security-releases url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-8e0ecb9bb6 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-e330d34ecc url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-87a8af2834 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-54958ff9e2 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-76fc32d433 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-cc8f9d8943 url
- https://lists.suse.com/pipermail/sle-security-updates/2025-January/020199.html url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EAA5VVUZ2Z26CMX7SWWG3KZWFXWZOLOI/ url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5MXRI7LITQSHGS7TS5FVZS5J5SFQEZOC/ url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4GHLFJIFCCY7T6727ECCVQVUTXPGIN56/ url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/ url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3E7XMAZSXTVJEOSNVU4GOEGWDOPIAF4W/ url
- https://access.redhat.com/errata/RHSA-2025:1351 url
- https://errata.build.resf.org/RLSA-2025:1443 url
- https://access.redhat.com/errata/RHSA-2025:1446 url