Node.js Security Update Advisory

Jul 22 2025

Overview

We have released a security update to address a vulnerability in Node.js. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-27209

Node.js Version: 24.0 and above but below 24.4.1

CVE-2025-27210

Node.js Version: 24.0 or later but less than 24.4.1
Node.js Version: 22.0 or later and less than 22.17.1
Node.js version: 20.0 or higher but less than 20.19.4

Resolved Vulnerabilities

HashDoS vulnerability due to hash collision in Node.js (CVE-2025-27209)
Path traversal bypass vulnerability due to poor device name handling in Node.js (CVE-2025-27210)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-27209

Node.js Version: 24.4.1

CVE-2025-27210

Node.js Version: 24.4.1
Node.js Version : 22.17.1
Node.js Version: 20.19.4

References

[1] Tuesday, July 15, 2025 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

Node.js Security Update Advisory

SQLite Security Update Advisory (CVE-2025-6965)

Microsoft Sharepoint Server Security Update Advisory (CVE-2025-53770)

Tags:

SQLite Security Update Advisory (CVE-2025-6965)

Microsoft Sharepoint Server Security Update Advisory (CVE-2025-53770)