11 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to Node.js ( CVE-2025-27210 )
Summary IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' due to Node.js . Vulnerability Details CVEID:CVE-2025-27210 DESCRIPTION: An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting...
Photon OS 4.0: Nodejs PHSA-2025-4.0-0839
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0839. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
Node.js on Windows is affected by a path.join handling vulnerability affecting drive names (CON, PRN, AUX). CVE-2025-27210 notes an incomplete fix for CVE-2025-23084, indicating Windows device-name handling was not treated as special, causing a path that should be relative to be interpreted with ...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
Exploit for CVE-2025-27210
π CVE-2025-27210 β High-Severity Path Traversal in Node.js o...
Node.js: Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix
Summary: I found that Windows device names CON, PRN, AUX, etc. can still be used for path traversal attacks when working with UNC network paths, even after the CVE-2025-27210 patch. So basically, the fix only covered regular paths but missed the UNC path scenario when using path.join Description:...
Exploit for CVE-2025-27210
CVE-2025-27210NodeJSPathTraversalExploiter Proof of Conce...
NodeJS 24.x - Path Traversal
Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...
NodeJS 24.x Path Traversal
Proof of concept exploit for CVE-2025-27210, a precise path traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names e.g., AUX, CON, NUL when combined with directory traversal...