- Description
- A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
- Source
- support@hackerone.com
- NVD status
- Analyzed
- Products
- node.js
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 5.6
- Impact score
- 4.2
- Exploitability score
- 1.3
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score
- Not currently trending
CVE-2025-27210 An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affect… https://t.co/R5fCclfO1w
@CVEnew
18 Jul 2025
484 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-23084 A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat … https://t.co/hRvvR49kxM
@CVEnew
28 Jan 2025
222 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[#KUSANAGI9 Updated!] KUSANAGI 9 Module Update KUSANAGI 9 modules have been updated. The updated modules are as follows: nodejs 18.20.6-1 This update includes support for vulnerability(CVE-2025-23085, CVE-2025-23084,... https://t.co/6IiNTOqAmN #KUSANAGI #KUSANAGI9
@kusanagi_saya
24 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45318EFE-37E9-464A-9030-CA2EE2992573",
"versionEndExcluding": "18.20.6",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F4B1228-6F93-4D5E-AEE8-9233855A6B7A",
"versionEndExcluding": "20.18.2",
"versionStartIncluding": "20.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4403A45-58F3-44F8-9DE2-05A1A4B449B5",
"versionEndExcluding": "22.13.1",
"versionStartIncluding": "22.0"
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44BC2512-4267-437B-B2A3-C62A9296BE26",
"versionEndExcluding": "23.6.1",
"versionStartIncluding": "23.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]