Tuesday, January 21, 2025 Security Releases

🗓️ 21 Jan 2025 00:00:00Reported by OpenJS FoundationType

nodejsblog

nodejsblog🔗 nodejs.org👁 25 Views

Node.js security releases fix vulnerabilities on January 21, 2025 for multiple version lines.

Reporter	Title	Published	Views	Family All 349
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities	15 Aug 202514:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	26 Mar 202518:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to Node.js ( CVE-2025-27210 )	30 Sep 202515:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor	11 Sep 202511:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)	12 Mar 202518:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)	27 Feb 202516:08	–	ibm
IBM Security Bulletins	Security Bulletin: Improper Drive Name Handling in Node.js path.join on Windows, affect watsonx.data	15 Jan 202603:56	–	ibm
GithubExploit	Exploit for CVE-2025-27210	18 Jul 202511:57	–	githubexploit
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)	5 Feb 202500:00	–	nessus

21 Jan 2025 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 37.7

CVSS 3.15.5

EPSS0.01289

SSVC

node.js security high severity issues medium severity issues release timing version lines end-of-life versions.