Node.js Async Cryptographic Operation SignTraits::DeriveBits denial of service

CVSS Meta Temp Score: 5.4
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 0.00

Summary

A vulnerability classified as problematic was found in Node.js. The affected function is SignTraits::DeriveBits in the component Async Cryptographic Operation Handler. The manipulation leads to denial of service. This issue is known as CVE-2025-23166. No exploit is available. Upgrading the affected component is recommended.

Details

A vulnerability classified as problematic was found in Node.js. The affected function is SignTraits::DeriveBits in the component Async Cryptographic Operation Handler. The manipulation leads to denial of service. Using CWE to declare the problem leads to CWE-404. The weakness was disclosed. The advisory is shared for download at seclists.org.

This issue is known as CVE-2025-23166. The CVE was assigned on 01/12/2025. Technical details are available. The popularity of this vulnerability is below average. No exploit is available. The current price for an exploit might be approx. USD $0-$5k.

Its status is declared as not defined. The vulnerability scanner Nessus provides a plugin with the ID 236766.

Upgrading the affected component is recommended.

This vulnerability is also documented in other vulnerability databases: Tenable (236766).

Affected

  • Debian Linux
  • IBM WebSphere Service Registry and Repository
  • Amazon Linux 2
  • IBM InfoSphere Information Server
  • Open Source OpenJDK
  • Red Hat Enterprise Linux
  • IBM Tivoli Netcool/OMNIbus
  • Ubuntu Linux
  • IBM WebSphere Application Server
  • SUSE Linux
  • Oracle Linux
  • IBM Integration Bus
  • IBM Rational Application Developer for WebSphere Software
  • Hitachi Ops Center
  • IGEL OS
  • Hitachi Configuration Manager
  • IBM QRadar SIEM
  • Dell Data Protection Advisor
  • IBM Storwize
  • IBM Business Automation Workflow
  • IBM FlashSystem
  • IBM Rational Business Developer
  • IBM Tivoli Key Lifecycle Manager
  • SUSE openSUSE
  • IBM License Metric Tool
  • IBM App Connect Enterprise
  • Xerox FreeFlow Print Server
  • HCL BigFix
  • Azul Zulu
  • IBM TXSeries
  • IBM MQ
  • IBM SPSS
  • Hitachi Command Suite
  • Dell Avamar
  • IBM Tivoli Monitoring
  • Oracle Java SE
  • Oracle GraalVM
  • Amazon Corretto
  • IBM Semeru Runtime
  • IBM Java
  • IBM Installation Manager
  • IBM Tivoli Business Service Manager
  • IBM Tivoli Network Manager
  • Absolute Secure Access
  • IBM Sterling Connect:Direct
  • IBM DataPower Gateway
  • Dell NetWorker
  • RealObjects PDFreactor
  • IBM SAN Volume Controller

Product

Type

Name

License

CPE 2.3

CPE 2.2

CVSSv4

VulDB Vector: 🔒
VulDB Reliability: 🔍

CVSSv3

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.4

VulDB Base Score: 3.5
VulDB Temp Score: 3.4
VulDB Vector: 🔒
VulDB Reliability: 🔍

CNA Base Score: 7.5
CNA Vector: 🔒

CVSSv2

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

Exploiting

Class: Denial of service
CWE: CWE-404
CAPEC: 🔒
ATT&CK: 🔒

Physical: No
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

EPSS Score: 🔒
EPSS Percentile: 🔒

Price Prediction: 🔍
Current Price Estimation: 🔒

Nessus ID: 236766
Nessus Name: Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).

Threat Intelligence

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasures

Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: nodejs.org

Timeline

01/12/2025 CVE reserved
05/15/2025 +122 days Advisory disclosed
05/15/2025 +0 days VulDB entry created
11/28/2025 +197 days VulDB entry last update

Sources

Advisory: seclists.org
Status: Confirmed

CVE: CVE-2025-23166 (🔒)
GCVE (CVE): GCVE-0-2025-23166
GCVE (VulDB): GCVE-100-309063
CERT Bund: WID-SEC-2025-1569 - Oracle Java SE: Mehrere Schwachstellen

Entry

Created: 05/15/2025 13:44
Updated: 11/28/2025 10:15
Changes: 05/15/2025 13:44 (53), 05/17/2025 15:11 (2), 05/19/2025 06:01 (12), 07/23/2025 15:42 (7), 07/25/2025 15:08 (1), 08/08/2025 16:16 (1), 08/27/2025 19:23 (1), 09/11/2025 15:52 (1), 09/12/2025 11:12 (1), 09/18/2025 21:03 (1), 10/31/2025 15:09 (1), 11/28/2025 10:15 (1)
Complete: 🔍
Cache ID: 253:BDC:103