PT-2025-53755 · Unknown+2 · @nestjs/platform-fastify+2

Kamilmysliwiec · Published 2025-12-29 · Updated 2026-02-20 · CVE-2025-69211

CVSS v3.1: 7.4 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Nest versions prior to 11.1.11

Description

Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing @nestjs/platform-fastify and relying on NestMiddleware (through MiddlewareConsumer) or app.use() for security measures applied to specific routes using string paths or controllers, such as .forRoutes('admin'). Successful exploitation could allow unauthenticated access to protected routes, grant access to restricted administrative endpoints to unauthorized users, or bypass middleware responsible for sanitization or validation.

Recommendations

Update to Nest version 11.1.11 or later.

Exploit

Fix

Weakness Enumeration

Time Of Check To Time Of Use

Related Identifiers

CVE-2025-69211
GHSA-8WPR-639P-CCRJ

Affected Products

@nestjs/platform-fastify
Fastify
Nest