CVE-2025-27210

Windows
Node.js

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-27210 is a path traversal vulnerability affecting Node.js applications on Windows platforms. It stems from an incomplete fix for CVE-2025-23084 and involves the way the `path.normalize()` and `path.join()` APIs handle Windows device names like CON, PRN, and AUX. Attackers can exploit this vulnerability to bypass directory traversal protections by manipulating these special device names. This can lead to unauthorized access to files or directories. The vulnerability affects Node.js versions 20.x, 22.x, and 24.x.

Description
-

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨 Node.js Security Updates Released (July 15, 2025) High severity fixes for: • path.normalize() Windows device names bypass (CVE-2025-27210) • HashDoS in V8 (CVE-2025-27209) Affects: 20.x, 22.x, 24.x Update now: https://t.co/VsLZeDjaNW #NodeJS #Security

    @NodeSource

    16 Jul 2025

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-27210: Node JS Path Traversal PoC https://t.co/m4RSbtQBQd

    @freedomhack101

    16 Jul 2025

    95 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  3. #Poc CVE-2025-27210 Node.JS Path Traversal https://t.co/ddYZN3n00R #Node #cve https://t.co/7KwpBVzrzN

    @absholi7ly

    16 Jul 2025

    234 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    2 Replies

    0 Quotes

  4. 🚨🚨Node.js alert! Two critical vulnerabilities exposed: CVE-2025-27210: Windows Path Traversal! Attackers exploit path.normalize() & path.join() to access unauthorized files. CVE-2025-27209: HashDoS via rapidhash in V8 risks app crashes. ZoomEye Dork👉app="Node.

    @zoomeye_team

    16 Jul 2025

    1991 Impressions

    5 Retweets

    35 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨Alert🚨 Two High-Severity Node.js Flaws: CVE-2025-27210:Path Traversal Bypass Using Windows Device Names CVE-2025-27209:HashDoS Reintroduced via rapidhash in V8 📊26M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/c8Twy64jOS 👇Que

    @HunterMapping

    16 Jul 2025

    2752 Impressions

    9 Retweets

    52 Likes

    19 Bookmarks

    1 Reply

    0 Quotes

  6. Found a 0day in Node.js - CVE-2025-27210 Discovered a path traversal vulnerability in Node.js (Windows path traversal via device names)! Officially acknowledged, patched & disclosed by the Node.js security team! https://t.co/aEQxIiG0gV https://t.co/BFC6F0jm2l https://t.co

    @theoblivionsage

    15 Jul 2025

    6750 Impressions

    12 Retweets

    154 Likes

    56 Bookmarks

    3 Replies

    0 Quotes

References

Sources include official advisories and independent security research.