DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2025-23084

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-23084

Severity

5.5

Medium

CVSS V3

Description

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory.

This vulnerability affects Windows users of path.join API.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-23084
  • https://github.com/advisories/GHSA-37v4-cwgp-x353
  • http://www.openwall.com/lists/oss-security/2025/07/22/2
  • https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
  • https://security.netapp.com/advisory/ntap-20250321-0003/

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal