CVE-2025-59465

CVSS v2.0

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description A flaw exists in the Node.js software platform related to improper handling of exceptional states. Exploitation may allow a remote attacker to cause a denial-of-service condition. Specifically, malformed HTTP/2 HEADERS frames can cause Node.js to crash due to an unhandled TLS error, resulting in an instant process crash and remote denial-of-service. No authentication is required on misconfigured servers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Handling of Exceptional Conditions

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-400

Related Identifiers

ALSA-2026:1842

ALSA-2026:1843

ALSA-2026:2420

ALSA-2026:2421

ALSA-2026:2422

ALSA-2026:2781

BDU:2026-00547

BIT-NODE-2025-59465

BIT-NODE-MIN-2025-59465

CVE-2025-59465

MGASA-2026-0009

OESA-2026-1218

OESA-2026-1219

OESA-2026-1220

OESA-2026-1221

RHSA-2026:1842

RHSA-2026:1843

RHSA-2026:2420

RHSA-2026:2421

RHSA-2026:2422

RHSA-2026:2767

RHSA-2026:2768

RHSA-2026:2781

RHSA-2026:2782

RHSA-2026:2783

RHSA-2026:2864

RHSA-2026:2899

Affected Products

Node.Js

Rocky Linux

CVE-2025-59465

Weakness Enumeration

Related Identifiers

Affected Products

References · 84