AZL-56519 CVE-2025-23085 affecting package nodejs for versions less than 20.14.0-5

🗓️ 07 Feb 2025 07:15:15Reported by GoogleType

osv🔗 osv.dev👁 2 Views

Memory leak in Node.js HTTP two server below version 20.14.0-5 may cause denial of service when peer closes socket without GOAWAY or on invalid header.

Reporter	Title	Published	Views	Family All 205
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities	15 Aug 202514:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	26 Mar 202518:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)	12 Mar 202518:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)	27 Feb 202516:08	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)	5 Feb 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-843)	26 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0029: nodejs:20 (ALINUX3-SA-2025:0029)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:20 (ALSA-2025:1351)	17 Feb 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs:20 (ALSA-2025:1443)	17 Feb 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-23085

21 Apr 2026 04:36Current

6.9Medium risk

Vulners AI Score6.9

CVSS 35.3

EPSS0.00164

SSVC