CVE-2025-59465

CVSS v2.0

7.8

High

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description A flaw exists in the Node.js software platform related to improper handling of exceptional states. Exploitation may allow a remote attacker to cause a denial-of-service condition. Specifically, malformed HTTP/2 HEADERS frames can cause Node.js to crash due to an unhandled TLS error, resulting in an instant process crash and remote denial-of-service. No authentication is required on misconfigured servers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-755

Related Identifiers

ALSA-2026:1842

ALSA-2026:1843

ALSA-2026:2420

ALSA-2026:2421

ALSA-2026:2422

ALSA-2026:2781

ALSA-2026:2782

ALSA-2026:2783

BDU:2026-00547

BIT-NODE-2025-59465

BIT-NODE-MIN-2025-59465

CVE-2025-59465

MGASA-2026-0009

OESA-2026-1218

OESA-2026-1219

OESA-2026-1220

OESA-2026-1221

OPENSUSE-SU-2026:10062-1

OPENSUSE-SU-2026:10074-1

OPENSUSE-SU-2026:20236-1

RHSA-2026:1842

RHSA-2026:1843

RHSA-2026:2420

RHSA-2026:2421

RHSA-2026:2422

RHSA-2026:2767

RHSA-2026:2768

RHSA-2026:2781

RHSA-2026:2782

RHSA-2026:2783

RHSA-2026:2864

RHSA-2026:2899

SUSE-SU-2026:0295-1

SUSE-SU-2026:0301-1

SUSE-SU-2026:0435-1

SUSE-SU-2026:0457-1

SUSE-SU-2026:20436-1

Affected Products

Node.Js

Rocky Linux

CVE-2025-59465

Weakness Enumeration

Related Identifiers

Affected Products

References · 117