CVE-2025-27209

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Node.js versions 24.0.0 and later

Description The V8 release in Node.js reintroduced a HashDoS vulnerability due to changes in string hash computation using rapidhash. An attacker controlling the strings to be hashed can generate numerous hash collisions, even without knowing the hash seed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-407CWE-401

Related Identifiers

BDU:2025-09382

BDU:2025-09383

BIT-NODE-2025-27209

BIT-NODE-MIN-2025-27209

CVE-2025-27209

Affected Products

Node.Js

CVE-2025-27209

Weakness Enumeration

Related Identifiers

Affected Products

References · 24