CVE-2025-23087

UNKNOWN
Published 2025-01-22T01:11:30.821Z
No CVSS data available

Description

No description available

Available Exploits

No exploits available for this CVE.

Related News

Re: Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Posted by Pete Allor on Jan 28

Florian, I think you miss what actually is done and how, with whom / what. Pete

Seclists.org 2025-01-28 14:07
Re: Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Posted by Florian Weimer on Jan 28

* Pete Allor: But is this really how it works these days? For example, if we use a component to render the in-program documentation (traditionally called “online help”, but we would consider this offline today), and the upst…

Seclists.org 2025-01-28 09:49
Re: Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Posted by Pete Allor on Jan 27

Florian, The question is about who is scoring and a level of their knowledge and understanding. Assuming that each is using CVSS v3.1 then the question is does the scoring entity look at how the component is built and used or are…

Seclists.org 2025-01-27 23:21
Re: Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Posted by Florian Weimer on Jan 26

* Pete Allor: The larger problem is that component scoring tends to be higher than whole-system scoring. If a security component fails in its security function, it certainly deserves an impact rating that reflects that it's …

Seclists.org 2025-01-27 06:36
Re: Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

Posted by Pete Allor on Jan 25

Assigning a CVE for EOL is actually outside the normal practice (there is another standard for that underway) and is not in line with Rule 4.1 as part of the CVE program. I do agree with Greg K-H that open source projects should…

Seclists.org 2025-01-25 15:23

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-7xh3-2pj7-gxgm

Advisory Details

This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: January 22, 2025, Modified: January 24, 2025

Last Modified: 2025-03-01T01:57:38.637Z