CVE-2025-55130

CVSS v3.1

9.1

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description A flaw exists in the Node.js software platform due to incorrect path name restriction for restricted access directories. Successful exploitation of this issue could allow an attacker to compromise the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-289CWE-22

Related Identifiers

ALSA-2026:1842

ALSA-2026:1843

ALSA-2026:2420

ALSA-2026:2421

ALSA-2026:2422

ALSA-2026:2781

ALSA-2026:2782

ALSA-2026:2783

BDU:2026-00545

BIT-NODE-2025-55130

BIT-NODE-MIN-2025-55130

CVE-2025-55130

MGASA-2026-0009

OESA-2026-1218

OESA-2026-1219

OESA-2026-1220

OESA-2026-1221

OPENSUSE-SU-2026:10062-1

OPENSUSE-SU-2026:10074-1

OPENSUSE-SU-2026:20236-1

RHSA-2026:1842

RHSA-2026:1843

RHSA-2026:2420

RHSA-2026:2421

RHSA-2026:2422

RHSA-2026:2767

RHSA-2026:2768

RHSA-2026:2781

RHSA-2026:2782

RHSA-2026:2783

RHSA-2026:2864

RHSA-2026:2899

SUSE-SU-2026:0295-1

SUSE-SU-2026:0301-1

SUSE-SU-2026:0435-1

SUSE-SU-2026:0457-1

SUSE-SU-2026:20436-1

Affected Products

Node.Js

Rocky Linux

CVE-2025-55130

Weakness Enumeration

Related Identifiers

Affected Products

References · 118