CVE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

CVE-2025-23090 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23083 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083 vulnerabilities

Vulnerabilities for packages: nodejs...

UBUNTU-CVE-2025-23090

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23090

...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVE-2025-23087

...

CVE-2025-23089

CVE-2025-23089 entry is rejected/not used and does not represent an active vulnerability.

CVE-2025-23087

...

CVE-2025-23088

...

CVE-2025-23087

CVE-2025-23087 entry is rejected/not used per CVE Program; it does not represent an active vulnerability.

CVE-2025-23088

...

CVE-2025-23089

...

CVE-2025-23088

CVE-2025-23088 entry is rejected/not used as stated in the Initial Description.

CVE-2025-23090

CVE-2025-23090 is withdrawn as a duplicate of CVE-2025-23083. Connected records confirm CVE-2025-23083 affects Node.js packages for versions before 20.14.0-4, with patches available in advisory channels (nodejs20). These sources describe the same underlying issue and provide remediation guidance ...