CVE-2025-27210
NONE EPSS 94.9%
Published Jul 18, 202511mo ago · Modified Jun 17, 20262w ago
Published Jul 18, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago
Description
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.
Threat Intelligence
EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
References 2
- openwall.com http://www.openwall.com/lists/oss-security/2025/07/22/2
- nodejs.org https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.