CVE-2025-23084

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-23084

Severity

5.5

Medium

CVSS V3

Description

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory.

This vulnerability affects Windows users of path.join API.

References

https://images.chainguard.dev/security/CGA-5vhj-q22q-3h65
https://github.com/advisories/GHSA-37v4-cwgp-x353
https://images.chainguard.dev/security/CGA-78qf-6hj4-4h59
http://www.openwall.com/lists/oss-security/2025/07/22/2
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
https://security.netapp.com/advisory/ntap-20250321-0003/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-23084

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company