AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)

🗓️ 05 Jun 2025 00:00:00Reported by TenableType

AlmaLinux 9 is vulnerable due to nodejs:20 affecting remote crash (CVE-2025-23166).

Reporter	Title	Published	Views	Family All 184
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23165 & CVE-2025-23166) )	7 Aug 202513:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor	11 Sep 202511:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers	14 Nov 202520:49	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge	11 Sep 202514:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)	9 Dec 202510:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge	10 Sep 202520:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-23166]	6 Aug 202511:19	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2025-1009)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-1010)	12 Jun 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0090: nodejs:20 (ALINUX3-SA-2025:0090)	23 Jun 202500:00	–	nessus

Source	Link
errata	www.errata.almalinux.org/9/ALSA-2025-8468.html
access	www.access.redhat.com/errata/RHSA-2025:8468
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2025:8468.
##

include('compat.inc');

if (description)
{
  script_id(237793);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/06/05");

  script_cve_id("CVE-2025-23166");
  script_xref(name:"ALSA", value:"2025:8468");
  script_xref(name:"RHSA", value:"2025:8468");

  script_name(english:"AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the
ALSA-2025:8468 advisory.

    * nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js (CVE-2025-23166)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/9/ALSA-2025-8468.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2025:8468");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-23166");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(248);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-packaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-packaging-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:npm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::baseos");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::crb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::highavailability");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::nfv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::realtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::resilientstorage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap_hana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::supplementary");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'AlmaLinux' >!< os_product) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_release = get_kb_item('installed_os/local/SSH/0/release');
if (isnull(os_release)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
if (! preg(pattern:"^9([^0-9]|$)", string:os_release)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_release);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var module_ver = get_kb_item('Host/AlmaLinux/appstream/nodejs');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:20');
if ('20' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);

var appstreams = {
    'nodejs:20': [
      {'reference':'nodejs-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'aarch64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'ppc64le', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'s390x', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'x86_64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'aarch64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'ppc64le', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'s390x', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-devel-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'x86_64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-docs-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'aarch64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'ppc64le', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'s390x', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-full-i18n-20.19.2-1.module_el9.6.0+169+c9cb05c2', 'cpu':'x86_64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'nodejs-nodemon-3.0.1-1.module_el9.5.0+125+8dc38870', 'release':'9', 'el_string':'el9.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nodejs-packaging-2021.06-4.module_el9.6.0+162+8dc602e5', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nodejs-packaging-bundler-2021.06-4.module_el9.6.0+162+8dc602e5', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'npm-10.8.2-1.20.19.2.1.module_el9.6.0+169+c9cb05c2', 'cpu':'aarch64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'npm-10.8.2-1.20.19.2.1.module_el9.6.0+169+c9cb05c2', 'cpu':'ppc64le', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'npm-10.8.2-1.20.19.2.1.module_el9.6.0+169+c9cb05c2', 'cpu':'s390x', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'npm-10.8.2-1.20.19.2.1.module_el9.6.0+169+c9cb05c2', 'cpu':'x86_64', 'release':'9', 'el_string':'el9.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
};

var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
  var appstream = NULL;
  var appstream_name = NULL;
  var appstream_version = NULL;
  var appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach var package_array ( appstreams[module] ) {
      var reference = NULL;
      var _release = NULL;
      var sp = NULL;
      var _cpu = NULL;
      var el_string = NULL;
      var rpm_spec_vers_cmp = NULL;
      var epoch = NULL;
      var allowmaj = NULL;
      var exists_check = NULL;
      var cves = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
      if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
      if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:20');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');
}

05 Jun 2025 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 37.5

EPSS0.00304

SSVC

almalinux 9 nodejs vulnerability remote crash cve-2025-23166 advisory tenable nessus