AZL-61913 CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9

🗓️ 19 May 2025 02:15:17Reported by GoogleType

AZL-61913 CVE-2025-23165: Node.js ReadFileUtf8 leaks memory due to a corrupted pointer, causing DoS in v20 and v22 below 20.14.0-9.

Reporter	Title	Published	Views	Family All 133
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23165 & CVE-2025-23166) )	7 Aug 202513:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor	11 Sep 202511:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)	9 Dec 202510:59	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2025-1009)	12 Jun 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-1010)	12 Jun 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0090: nodejs:20 (ALINUX3-SA-2025:0090)	23 Jun 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: nodejs (CVE-2025-23165)	22 Jan 202600:00	–	nessus
Tenable Nessus	Fedora 41 : nodejs20 (2025-0c2b7a8f32)	28 May 202500:00	–	nessus
Tenable Nessus	Fedora 41 : nodejs22 (2025-61ad6e65b3)	28 May 202500:00	–	nessus
Tenable Nessus	Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).	15 May 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-23165

21 Apr 2026 04:31Current

6.8Medium risk

Vulners AI Score6.8

CVSS 33.7

EPSS0.0056

SSVC