{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23166", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-01-12T01:00:00.648Z", "datePublished": "2025-05-19T01:25:08.462Z", "dateUpdated": "2025-05-28T00:07:12.640Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime."}], "affected": [{"defaultStatus": "unaffected", "vendor": "nodejs", "product": "node", "versions": [{"versionType": "semver", "version": "4.0", "status": "affected", "lessThan": "4.*"}, {"versionType": "semver", "version": "5.0", "status": "affected", "lessThan": "5.*"}, {"versionType": "semver", "version": "6.0", "status": "affected", "lessThan": "6.*"}, {"versionType": "semver", "version": "7.0", "status": "affected", "lessThan": "7.*"}, {"versionType": "semver", "version": "8.0", "status": "affected", "lessThan": "8.*"}, {"versionType": "semver", "version": "9.0", "status": "affected", "lessThan": "9.*"}, {"versionType": "semver", "version": "10.0", "status": "affected", "lessThan": "10.*"}, {"versionType": "semver", "version": "11.0", "status": "affected", "lessThan": "11.*"}, {"versionType": "semver", "version": "12.0", "status": "affected", "lessThan": "12.*"}, {"versionType": "semver", "version": "13.0", "status": "affected", "lessThan": "13.*"}, {"versionType": "semver", "version": "14.0", "status": "affected", "lessThan": "14.*"}, {"versionType": "semver", "version": "15.0", "status": "affected", "lessThan": "15.*"}, {"versionType": "semver", "version": "16.0", "status": "affected", "lessThan": "16.*"}, {"versionType": "semver", "version": "17.0", "status": "affected", "lessThan": "17.*"}, {"versionType": "semver", "version": "18.0", "status": "affected", "lessThan": "18.*"}, {"versionType": "semver", "version": "19.0", "status": "affected", "lessThan": "19.*"}, {"version": "20.0", "status": "affected", "lessThanOrEqual": "20.19.1", "versionType": "semver"}, {"version": "22.0", "status": "affected", "lessThanOrEqual": "22.15.0", "versionType": "semver"}, {"version": "23.0", "status": "affected", "lessThanOrEqual": "23.11.0", "versionType": "semver"}, {"version": "24.0", "status": "affected", "lessThanOrEqual": "24.0.1", "versionType": "semver"}, {"versionType": "semver", "version": "21.0", "status": "affected", "lessThan": "21.*"}]}], "references": [{"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-05-28T00:07:12.640Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-248", "lang": "en", "description": "CWE-248 Uncaught Exception"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T14:11:17.877460Z", "id": "CVE-2025-23166", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:13:24.973Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23166", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-19T14:11:17.877460Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:12:48.368Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "nodejs", "product": "node", "versions": [{"status": "affected", "version": "4.0", "lessThan": "4.*", "versionType": "semver"}, {"status": "affected", "version": "5.0", "lessThan": "5.*", "versionType": "semver"}, {"status": "affected", "version": "6.0", "lessThan": "6.*", "versionType": "semver"}, {"status": "affected", "version": "7.0", "lessThan": "7.*", "versionType": "semver"}, {"status": "affected", "version": "8.0", "lessThan": "8.*", "versionType": "semver"}, {"status": "affected", "version": "9.0", "lessThan": "9.*", "versionType": "semver"}, {"status": "affected", "version": "10.0", "lessThan": "10.*", "versionType": "semver"}, {"status": "affected", "version": "11.0", "lessThan": "11.*", "versionType": "semver"}, {"status": "affected", "version": "12.0", "lessThan": "12.*", "versionType": "semver"}, {"status": "affected", "version": "13.0", "lessThan": "13.*", "versionType": "semver"}, {"status": "affected", "version": "14.0", "lessThan": "14.*", "versionType": "semver"}, {"status": "affected", "version": "15.0", "lessThan": "15.*", "versionType": "semver"}, {"status": "affected", "version": "16.0", "lessThan": "16.*", "versionType": "semver"}, {"status": "affected", "version": "17.0", "lessThan": "17.*", "versionType": "semver"}, {"status": "affected", "version": "18.0", "lessThan": "18.*", "versionType": "semver"}, {"status": "affected", "version": "19.0", "lessThan": "19.*", "versionType": "semver"}, {"status": "affected", "version": "20.0", "versionType": "semver", "lessThanOrEqual": "20.19.1"}, {"status": "affected", "version": "22.0", "versionType": "semver", "lessThanOrEqual": "22.15.0"}, {"status": "affected", "version": "23.0", "versionType": "semver", "lessThanOrEqual": "23.11.0"}, {"status": "affected", "version": "24.0", "versionType": "semver", "lessThanOrEqual": "24.0.1"}, {"status": "affected", "version": "21.0", "lessThan": "21.*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"}], "descriptions": [{"lang": "en", "value": "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-05-28T00:07:12.640Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23166", "state": "PUBLISHED", "dateUpdated": "2025-05-28T00:07:12.640Z", "dateReserved": "2025-01-12T01:00:00.648Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-05-19T01:25:08.462Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime."}, {"lang": "es", "value": "El m\u00e9todo SignTraits::DeriveBits() de C++ puede llamar incorrectamente a ThrowException() bas\u00e1ndose en las entradas proporcionadas por el usuario al ejecutarse en segundo plano, lo que provoca el bloqueo del proceso de Node.js. Estas operaciones criptogr\u00e1ficas se aplican com\u00fanmente a entradas no confiables. Por lo tanto, este mecanismo podr\u00eda permitir que un adversario bloquee remotamente un entorno de ejecuci\u00f3n de Node.js."}], "id": "CVE-2025-23166", "lastModified": "2025-05-19T15:15:23.310", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2025-05-19T02:15:17.470", "references": [{"source": "support@hackerone.com", "url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8493", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "nodejs22-1:22.16.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8506", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:22-8100020250527102348.6d880403", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8514", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:20-8100020250521115949.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8467", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs:22-9060020250529115509.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-03T00:00:00Z"}, {"advisory": "RHSA-2025:8468", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs:20-9060020250529100856.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-03T00:00:00Z"}, {"advisory": "RHSA-2025:8902", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "nodejs:20-9040020250603124021.rhel9", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-11T00:00:00Z"}], "bugzilla": {"description": "nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js", "id": "2367163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367163"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-248", "details": ["The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-23166", "public_date": "2025-05-19T01:25:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-23166\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-23166\nhttps://nodejs.org/en/blog/vulnerability/may-2025-security-releases"], "threat_severity": "Important"}