Denial of Service Vulnerability in Servify Express Node.js Package
CVE-2025-67731

8.7 HIGH

Key Information:

Vendor

Aarondoran

CVE Published:
12 December 2025

What is CVE-2025-67731?

The Servify Express package for Node.js, prior to version 1.2, contains a vulnerability that allows untrusted clients to send excessively large JSON request bodies. This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). The vulnerability arises from a lack of request size limits in the express.json() parser. Developers using this package should upgrade to version 1.2 and implement size limits on the JSON parser, or use reverse proxies to restrict request sizes.
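
The size-limit mitigation described above, as an added example that is not code from servify-express or from the advisory: a JSON body reader built only on Node's standard library that answers 413 instead of buffering an oversized request. The 100 KiB cap and the names precheck, createCollector and handler are assumptions for illustration; in an Express application the equivalent setting is the limit option of express.json().

```javascript
const MAX_BODY_BYTES = 100 * 1024; // assumed cap (example value, not from the advisory)

// Reject on the declared Content-Length before reading any body bytes.
function precheck(headers, limit = MAX_BODY_BYTES) {
  const declared = Number(headers['content-length']);
  return Number.isFinite(declared) && declared > limit ? 413 : 0;
}

// Buffer chunks but never past the limit; covers chunked uploads with no Content-Length.
function createCollector(limit = MAX_BODY_BYTES) {
  let chunks = [];
  let size = 0;
  return {
    push(chunk) {
      size += chunk.length;
      if (size > limit) { chunks = []; return false; } // drop what was held
      chunks.push(chunk);
      return true;
    },
    finish() {
      try { return { status: 200, body: JSON.parse(Buffer.concat(chunks).toString('utf8')) }; }
      catch { return { status: 400, body: null }; }
    },
  };
}

function handler(req, res) {
  const reply = (status, text) => {
    // Closing the connection on errors stops the rest of the upload.
    res.writeHead(status, status === 200 ? {} : { Connection: 'close' });
    res.end(text);
  };
  if (precheck(req.headers)) return reply(413, 'Payload Too Large');
  const collector = createCollector();
  let rejected = false;
  req.on('data', (chunk) => {
    if (rejected || collector.push(chunk)) return;
    rejected = true;
    reply(413, 'Payload Too Large');
  });
  req.on('end', () => {
    if (rejected) return;
    const { status } = collector.finish();
    reply(status, status === 200 ? 'ok' : 'Invalid JSON');
  });
}
// Serve with: require('node:http').createServer(handler).listen(3000);
```

The same cap should also be enforced at any reverse proxy in front of the service, so oversized bodies are refused before they reach the Node.js process.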

Affected Version(s)

servify-express < 1.2

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
