CVE-2025-27210

NONE EPSS 94.9%
Published Jul 18, 202511mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Jul 18, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.

Threat Intelligence

EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

References 2

  • openwall.com http://www.openwall.com/lists/oss-security/2025/07/22/2
  • nodejs.org https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.