Hash Collision Vulnerability in Node.js by Joyent
CVE-2025-27209

7.5HIGH

Key Information:

Vendor: Nodejs
Status: Node
Vendor: CVE Published:; 18 July 2025

Badges

📰 News Worthy

What is CVE-2025-27209?

The latest release of Node.js v24.0.0 introduces a critical flaw in the string hashing mechanism due to changes in the V8 engine's rapidhash implementation. This flaw allows attackers to control string inputs, which can lead to numerous hash collisions, compromising application performance and security. By exploiting this vulnerability, an attacker can intentionally generate hash collisions, crippling services and making them susceptible to denial-of-service attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

node 24.0.0 < 24.4.1

News Articles

GBHackers News

CVE-2025-27209

Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS

The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities.

References

https://nodejs.org/en/blog/vulnerability/july-2025-securi...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2025
📰
First article discovered by GBHackers News
Jul 16, 2025
Vulnerability Reserved
Feb 20, 2025

JSON

Nodejs

Badges

What is CVE-2025-27209?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

News Articles

Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.