Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS
gbhackers
The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities that pose significant risks to Windows applications and could enable denial-of-service attacks.
The vulnerabilities, identified as CVE-2025-27210 and CVE-2025-27209, affect active Node.js release lines including versions 20.x, 22.x, and 24.x, prompting immediate security patches released on July 15, 2025.
Critical Windows Path Traversal Vulnerability
Security researchers have identified that attackers can exploit Windows device names to bypass path traversal protection mechanisms, potentially allowing unauthorized access to system resources or sensitive file locations.
| CVE ID | Title | Severity | Affected Versions | Platform | Reporter |
|---|---|---|---|---|---|
| CVE-2025-27210 | Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() | High | 20.x, 22.x, 24.x | Windows | oblivionsage |
| CVE-2025-27209 | HashDoS in V8 | High | 24.x | All | sharp_edged |
The vulnerability affects all users across active release lines, making it a widespread concern for Windows-based ...
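As a defense-in-depth measure alongside upgrading, an application can refuse reserved device names in untrusted paths before any normalization happens. The sketch below is an added example, not code from the Node.js project or the original article; it extends the check beyond CON, PRN and AUX to the other reserved Windows device names, and the base directory `C:\srv\uploads`, the function names and the sample inputs are assumptions made for illustration.

```javascript
const path = require('node:path');

// Reserved DOS device names (the advisory title names CON, PRN and AUX).
const RESERVED = /^(CON|PRN|AUX|NUL|COM\d|LPT\d)$/i;

// A segment can still name a device when it carries an extension, a
// ":stream" suffix or trailing spaces, so compare only the leading stem.
function isDeviceSegment(segment) {
  const stem = segment.split(/[.:]/)[0].replace(/ +$/, '');
  return RESERVED.test(stem);
}

// Resolve untrusted input under baseDir (absolute) with Windows path rules.
// path.win32 behaves the same on every host OS.
function resolveInside(baseDir, untrusted) {
  if (typeof untrusted !== 'string' || untrusted.includes('\0')) {
    throw new Error('invalid path');
  }
  // Reject device names before normalizing, so the decision does not depend
  // on how path.normalize() treats them in the running Node.js version.
  if (untrusted.split(/[\\/]+/).some(isDeviceSegment)) {
    throw new Error('reserved device name');
  }
  const base = path.win32.resolve(baseDir);
  const target = path.win32.resolve(base, untrusted);
  const rel = path.win32.relative(base, target);
  if (rel === '..' || rel.startsWith('..\\') || path.win32.isAbsolute(rel)) {
    throw new Error('escapes base directory');
  }
  return target;
}

// Returns the resolved path, or "rejected: <reason>".
function verdict(baseDir, untrusted) {
  try {
    return resolveInside(baseDir, untrusted);
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

// Constructed sample inputs; C:\srv\uploads is a hypothetical base directory.
for (const p of ['reports/q1.txt', 'console.log', 'logs\\AUX\\a.txt', 'PRN.txt', '..\\secret.txt']) {
  console.log(p.padEnd(16), '->', verdict('C:\\srv\\uploads', p));
}
```

The check is deliberately conservative: it rejects names such as `PRN.txt` outright instead of trying to predict how a given Windows or Node.js version will interpret them.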
Copyright of this story solely belongs to gbhackers.