7.5

CVE-2025-59465

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example:
```
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NodejsNode.Js SwEdition- Version >= 20.0.0 < 20.20.0
NodejsNode.Js SwEdition- Version >= 22.0.0 < 22.22.0
NodejsNode.Js SwEdition- Version >= 24.0.0 < 24.13.0
NodejsNode.Js SwEdition- Version >= 25.0.0 < 25.3.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.78% 0.886
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
support@hackerone.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Vendor Advisory
Release Notes
https://access.redhat.com/errata/RHSA-2026:1842
https://access.redhat.com/errata/RHSA-2026:1843
https://access.redhat.com/errata/RHSA-2026:2420
https://access.redhat.com/errata/RHSA-2026:2421
https://access.redhat.com/errata/RHSA-2026:2422
https://access.redhat.com/errata/RHSA-2026:2767
https://access.redhat.com/errata/RHSA-2026:2768
https://access.redhat.com/errata/RHSA-2026:2781
https://access.redhat.com/errata/RHSA-2026:2782
https://access.redhat.com/errata/RHSA-2026:2783
https://access.redhat.com/errata/RHSA-2026:2864
https://access.redhat.com/errata/RHSA-2026:2899
https://access.redhat.com/errata/RHSA-2026:6402
https://access.redhat.com/errata/RHSA-2026:6431
https://access.redhat.com/errata/RHSA-2026:7386
https://access.redhat.com/errata/RHSA-2026:7387
https://access.redhat.com/security/cve/CVE-2025-59465
https://bugzilla.redhat.com/show_bug.cgi?id=2431349
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json