CVE-2025-23165

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: nodejs (affected versions not specified)

Description: The issue is related to a corrupted pointer in the node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) function when the args[0] is a string. This is a problem in the nodejs package, which is used in Debian Linux.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Leak

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-248CWE-444

Related Identifiers

AZL-61913

BDU:2025-10618

BDU:2025-10619

BDU:2025-10620

BIT-NODE-2025-23165

BIT-NODE-MIN-2025-23165

CESA-2025_8506

CESA-2025_8514

CVE-2025-23165

ECHO-B3EE-7EA8-F120

INFSA-2025_8467

INFSA-2025_8468

MGASA-2025-0161

OESA-2025-1533

OESA-2025-1534

OPENSUSE-SU-2025:15250-1

OPENSUSE-SU-2025:15802-1

RHSA-2025:8467

RHSA-2025:8468

RHSA-2025:8493

RHSA-2025:8506

RHSA-2025:8514

RHSA-2025_8467

RHSA-2025_8468

RHSA-2025_8506

RHSA-2025_8514

SUSE-SU-2025:01878-1

SUSE-SU-2025:01879-1

SUSE-SU-2025:02039-1

SUSE-SU-2025:02045-1

SUSE-SU-2025_01878-1

SUSE-SU-2025_01879-1

SUSE-SU-2025_02039-1

SUSE-SU-2025_02045-1

Affected Products

Astra Linux

Centos

Debian

Red Hat

Red Os

Rocky Linux

Suse

Node.Js

CVE-2025-23165

Weakness Enumeration

Related Identifiers

Affected Products

References · 67