Node.js Framework Vulnerability in NestJS by Nest
CVE-2025-69211

6.9MEDIUM

Key Information:

Vendor: Nestjs
Status: Nest
Vendor: CVE Published:; 29 December 2025

What is CVE-2025-69211?

Nest, a framework for building scalable Node.js applications, is affected by a vulnerability that allows for a Fastify URL encoding middleware bypass in applications using the @nestjs/platform-fastify package. This vulnerability can be exploited if security checks such as authentication and authorization rely on NestMiddleware via MiddlewareConsumer, or if middleware is applied to specific routes. Attackers may gain access to restricted administrative endpoints or protected routes, thus allowing unauthenticated users to access sensitive areas of the application. This flaw, which bypasses essential middleware sanitization or validation, is patched in version @nestjs/platform-fastify@11.1.11. For more details, refer to the security advisory at the official GitHub repository.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

nest < 11.1.11

References

https://github.com/nestjs/nest/security/advisories/GHSA-8...

x_refsource_CONFIRM

https://github.com/nestjs/nest/commit/c4cedda15a05aafec1e...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 29, 2025
Vulnerability Reserved
Dec 29, 2025

JSON

Nestjs