Nodejs security advisory (AV25-431)

Serial number: AV25-431
Date: July 18, 2025

On July 15, 2025, Nodejs published security advisories to address vulnerabilities in the following products:

  • Node.js 20 – versions prior to v20.19.4
  • Node.js 22 – versions prior to v22.17.1
  • Node.js 24 – versions prior to v24.4.1

Open-source reporting has indicated that proof-of-concept exploit code is available for the vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. CVE-2025-27210.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Date modified: