
Axios Vulnerability Enables Attackers to Crash Node.js Applications via Data Handle Abuse


A high-severity vulnerability has been disclosed in the popular Axios HTTP client library that allows an attacker who can influence a request URL to crash Node.js applications through malicious data: URL handling.

The flaw, tracked as CVE-2025-58754, affects Axios versions before 1.12.0 (the release that contains the fix) and has been assigned a CVSS 3.1 base score of 7.5, rated High.

Vulnerability Mechanics

The vulnerability stems from how Axios handles data: URLs in Node.js environments.

When the Node.js adapter is given a URL with the data: scheme, it bypasses the normal HTTP request path and instead decodes the entire payload (Base64 for ;base64 data URLs) directly into memory with a single Buffer allocation whose size is dictated by the URL itself.

CVE Details
CVE Number: CVE-2025-58754
Affected Product: Axios HTTP client library (Node.js)
Affected Versions: < 1.12.0
Patched Version: 1.12.0
Severity: High
CVSS 3.1 Score: 7.5

That decoding path never consults the configured maxContentLength and maxBodyLength limits that normally cap oversized HTTP responses, so a sufficiently large data: URL forces an allocation of attacker-chosen size. The outcome is memory exhaustion that can crash the process: a denial of service, not code execution.
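The following is an added example written for this page, not code from axios, that shows the two patterns side by side: a decoder that allocates whatever the data: URL carries (the vulnerable shape described above), and one that bounds the decoded size from the encoded text alone before touching Buffer, which is the same idea the 1.12.0 fix applies. All function names, the -1 "unlimited" convention and the sample URLs are this example's own constructions.

```javascript
// Added example (not axios code): data: URL decoding with and without a
// maxContentLength-style check applied before allocation.
// Uses only Node's global Buffer; no dependencies.

// Split "data:[<mediatype>][;base64],<payload>" into its parts.
function parseDataUrl(url) {
  const m = /^data:([^,]*?)(;base64)?,([\s\S]*)$/i.exec(url);
  if (!m) throw new TypeError('not a data: URL');
  return { mediaType: m[1] || 'text/plain', isBase64: Boolean(m[2]), payload: m[3] };
}

// Unchecked pattern (the vulnerable shape): the whole payload is decoded into
// a Buffer whose size is dictated by the URL; no limit is ever consulted.
function decodeDataUrlUnchecked(url) {
  const { isBase64, payload } = parseDataUrl(url);
  return isBase64
    ? Buffer.from(payload, 'base64')
    : Buffer.from(decodeURIComponent(payload), 'utf8');
}

// Upper bound on the decoded size computed from the encoded text only, so
// nothing proportional to the payload is allocated before the check runs.
function estimateDecodedBytes(payload, isBase64) {
  if (!isBase64) return Buffer.byteLength(payload, 'utf8'); // percent-decoding never grows it
  const padding = payload.endsWith('==') ? 2 : payload.endsWith('=') ? 1 : 0;
  return Math.floor((payload.length * 3) / 4) - padding;
}

// Hardened pattern: reject before decoding when the estimate exceeds the
// limit. maxContentLength === -1 means "unlimited" (assumed convention here).
function decodeDataUrlChecked(url, maxContentLength = -1) {
  const { isBase64, payload } = parseDataUrl(url);
  const estimated = estimateDecodedBytes(payload, isBase64);
  if (maxContentLength > -1 && estimated > maxContentLength) {
    throw new RangeError(
      `data: URL decodes to ~${estimated} bytes, exceeding maxContentLength ${maxContentLength}`,
    );
  }
  return isBase64
    ? Buffer.from(payload, 'base64')
    : Buffer.from(decodeURIComponent(payload), 'utf8');
}

// Constructed inputs: an 11-byte text payload and a 64 KiB payload that
// stands in for the oversized one an attacker would supply.
const SMALL_URL = 'data:text/plain;base64,aGVsbG8gd29ybGQ=';
const BIG_URL =
  'data:application/octet-stream;base64,' + Buffer.alloc(64 * 1024, 0x41).toString('base64');

// Runs both decoders against the large payload with a 1 KiB limit.
function demo() {
  const unchecked = decodeDataUrlUnchecked(BIG_URL).length; // allocates all 65536 bytes
  let checked;
  try {
    decodeDataUrlChecked(BIG_URL, 1024);
    checked = 'decoded';
  } catch (e) {
    checked = e instanceof RangeError ? 'rejected' : 'error';
  }
  return { unchecked, checked, small: decodeDataUrlChecked(SMALL_URL, 1024).toString('utf8') };
}

console.log(demo());
```

The Base64 estimate is exact for padded input and a safe upper bound for unpadded input, which is all the check needs. On an Axios release older than 1.12.0 the same estimate can be applied in a request interceptor to refuse data: URLs above the limit before they reach the adapter; where the application never expects data: URLs at all, rejecting the scheme outright is simpler and removes the allocation entirely.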

Security ...


Copyright of this story solely belongs to gbhackers.