CVE-2025-23089 - Vulnerability Details

This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
https://nvd.nist.gov/vuln/detail/CVE-2025-23089
https://www.cve.org/CVERecord?id=CVE-2025-23089

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 01 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
References	https://endoflife.date/nodejs
Metrics	cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sat, 01 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
Description	NOTE: use of the CVE List to report that a product is unsupported, without reference to a specific defect, is novel and the CVE Program is actively assessing both the validity and potential value of this approach. This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.	This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities

Mon, 10 Feb 2025 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 05 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description	This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.	NOTE: use of the CVE List to report that a product is unsupported, without reference to a specific defect, is novel and the CVE Program is actively assessing both the validity and potential value of this approach. This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.

Thu, 23 Jan 2025 22:45:00 +0000

Type	Values Removed	Values Added
References		https://endoflife.date/nodejs

Thu, 23 Jan 2025 13:30:00 +0000

Type	Values Removed	Values Added
Title		nodejs: End-of-Life Node.js Versions Pose Security Risks 21.x
Weaknesses		CWE-1104
References		https://nvd.nist.gov/vuln/detail/CVE-2025-23089 https://www.cve.org/CVERecord?id=CVE-2025-23089
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 22 Jan 2025 01:30:00 +0000

Type	Values Removed	Values Added
Description		This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components). Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
References		https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
Metrics		cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: REJECTED

Assigner: hackerone

Published: 2025-01-22T01:11:30.822Z

Updated: 2025-03-01T01:57:39.264Z

Reserved: 2025-01-10T19:05:52.772Z

Link: CVE-2025-23089

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-01-22T02:15:34.327

Modified: 2025-03-01T03:15:23.210

Link: CVE-2025-23089

Redhat

Severity : Important

Publid Date: 2025-01-22T01:11:30Z

Links: CVE-2025-23089 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object