CVE-2025-55131

CVSS v2.0

7.6

High

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description A flaw exists in Node.js related to out-of-bounds deletion of critical data. Remote attackers may be able to impact the confidentiality and integrity of information. A race condition in Buffer.alloc() combined with virtual machine timeouts can expose uninitialized memory. This is particularly dangerous in multi-tenant or untrusted code environments, potentially leading to the leakage of secrets, tokens, and keys within the process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-226

Related Identifiers

ALSA-2026:1842

ALSA-2026:1843

ALSA-2026:2420

ALSA-2026:2421

ALSA-2026:2422

ALSA-2026:2781

ALSA-2026:2782

ALSA-2026:2783

BDU:2026-00546

BIT-NODE-2025-55131

BIT-NODE-MIN-2025-55131

CVE-2025-55131

MGASA-2026-0009

OESA-2026-1218

OESA-2026-1219

OESA-2026-1220

OESA-2026-1221

OPENSUSE-SU-2026:10062-1

OPENSUSE-SU-2026:10074-1

OPENSUSE-SU-2026:20236-1

RHSA-2026:1842

RHSA-2026:1843

RHSA-2026:2420

RHSA-2026:2421

RHSA-2026:2422

RHSA-2026:2767

RHSA-2026:2768

RHSA-2026:2781

RHSA-2026:2782

RHSA-2026:2783

RHSA-2026:2864

RHSA-2026:2899

SUSE-SU-2026:0295-1

SUSE-SU-2026:0301-1

SUSE-SU-2026:0435-1

SUSE-SU-2026:0457-1

SUSE-SU-2026:20436-1

Affected Products

Node.Js

Red Os

Rocky Linux

CVE-2025-55131

Weakness Enumeration

Related Identifiers

Affected Products

References · 118