Hash Collision Vulnerability in Node.js by Joyent
CVE-2025-27209

7.5HIGH

Key Information:

Vendor: Nodejs
Status: Node
Vendor: CVE Published:; 18 July 2025

Badges

📰 News Worthy

What is CVE-2025-27209?

The latest release of Node.js v24.0.0 introduces a critical flaw in the string hashing mechanism due to changes in the V8 engine's rapidhash implementation. This flaw allows attackers to control string inputs, which can lead to numerous hash collisions, compromising application performance and security. By exploiting this vulnerability, an attacker can intentionally generate hash collisions, crippling services and making them susceptible to denial-of-service attacks.

Affected Version(s)

node 24.0.0 < 24.4.1

News Articles

GBHackers News

CVE-2025-27209

Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS

The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities.

3 days ago

References

https://nodejs.org/en/blog/vulnerability/july-2025-securi...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025
📰
First article discovered by GBHackers News
Jul 16, 2025
Vulnerability Reserved
Feb 20, 2025

Nodejs

Badges

What is CVE-2025-27209?

Affected Version(s)

News Articles

Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS

References

CVSS V3.0

Timeline