CVE-2025-23090
UNKNOWN
Published 2025-01-22T01:11:30.802Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-23090. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
No description available
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
⚠ Unreviewed
HIGH
GHSA-5vvm-wqc8-r5m8
Advisory Details
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers
but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
CVSS Scoring
CVSS Score
7.5
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: January 22, 2025, Modified: January 22, 2025
Published: 2025-01-22T01:11:30.802Z
Last Modified: 2025-07-18T23:02:35.042Z
Copied to clipboard!