Node.js Security Update Advisory

Jan 23 2025

Overview

We have released a security update to address a vulnerability in Node.js. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-23083

Node.js versions: v20.x, v22.x, v23.x

CVE-2025-23087

Node.js Versions: ~ v17.x

CVE-2025-23088

Node.js Version: v19.x

CVE-2025-23089

Node.js Version: v21.x

Resolved Vulnerabilities

Worker privilege bypass vulnerability via InternalWorker leak (CVE-2025-23083)
Vulnerability using an end-of-support version of Node.js (CVE-2025-23087)
Vulnerability Using an End-of-Support Version of Node.js (CVE-2025-23088)
Vulnerability Using an End-of-Support Version of Node.js (CVE-2025-23089)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-23083, CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Node.js versions: v18.20.6, v20.18.2, v22.13.1, v23.6.1

References

[1] Tuesday, January 21, 2025 Security Releases
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
[2] Upcoming CVE for End-of-Life Node.js Versions
https://nodejs.org/en/blog/vulnerability/upcoming-cve-for-eol-versions
https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w

Node.js Security Update Advisory

Python Package Security Update Advisory (CVE-2025-22146)

Oracle Family January 2025 Security Update Advisory

Tags:

Python Package Security Update Advisory (CVE-2025-22146)

Oracle Family January 2025 Security Update Advisory