CVE-2025-23083 – Node.js permission model diagnostic channel worker thread creation arbitrary instance reuse vulnerability - Elves Core

お問い合わせ

Recent Posts

CVE-2024-13584 – WordPress Picture Gallery Stored Cross-Site Scripting (XSS)

1月 22, 2025

CVE-2024-13590 – WordPress Ketchup Shortcodes Stored Cross-Site Scripting Vulnerability

1月 22, 2025

CVE-2024-13426 – WordPress WP-Polls Stored Cross-Site Scripting (SQL Injection)

1月 22, 2025

CVE-2025-0625 – CampCodes School Management Software Attachment Handler Improper Resource Identifier Control Remote vulnerability

1月 22, 2025

CVE-2025-23083 – Node.js permission model diagnostic channel worker thread creation arbitrary instance reuse vulnerability

1月 22, 2025

CVE-2025-23087 – Node.js End-of-Life Vulnerability: Unmaintained Version Use

1月 22, 2025

CVE-2025-23083 – Node.js permission model diagnostic channel worker thread creation arbitrary instance reuse vulnerability

1月 22, 2025
3:16 am

CVE ID : CVE-2025-23083

Published : Jan. 22, 2025, 2:15 a.m. | 1 hour, 1 minute ago

Description : With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (–permission) on Node.js v20, v22, and v23.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-23083 – Node.js permission model diagnostic channel worker thread creation arbitrary instance reuse vulnerability

Copyright © 2024 Elves Core (Pvt)Ltd. All Rights Reserved.