CVE-2025-23090 – Node.js Permission Model Diagnostic Worker Thread Exposición - Elves Core

お問い合わせ

Recent Posts

CVE-2025-0625 – CampCodes School Management Software Attachment Handler Improper Resource Identifier Control Remote vulnerability

1月 22, 2025

CVE-2025-23083 – Node.js permission model diagnostic channel worker thread creation arbitrary instance reuse vulnerability

1月 22, 2025

CVE-2025-23087 – Node.js End-of-Life Vulnerability: Unmaintained Version Use

1月 22, 2025

CVE-2025-23088 – Node.js Unmaintained Third-Party Components Vulnerability (CWE-1104)

1月 22, 2025

CVE-2025-23089 – Microsoft Node.js Unmaintained Component Exposure Vulnerability

1月 22, 2025

CVE-2025-23090 – Node.js Permission Model Diagnostic Worker Thread Exposición

1月 22, 2025

CVE-2025-23090 – Node.js Permission Model Diagnostic Worker Thread Exposición

1月 22, 2025
3:16 am

CVE ID : CVE-2025-23090

Published : Jan. 22, 2025, 2:15 a.m. | 1 hour, 1 minute ago

Description : With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers
but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (–permission) on Node.js v20, v22, and v23.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-23090 – Node.js Permission Model Diagnostic Worker Thread Exposición

Copyright © 2024 Elves Core (Pvt)Ltd. All Rights Reserved.