CVE-2025-1351
Published: 2025-07-07
Priority P431 · high · 7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.09% (0.4th percentile)
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | storage_virtualize | — | — |
| ibm | storage_virtualize | — | — |
| ibm | storage_virtualize | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-23085 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap
bugzilla · 2025-01-28 · CVSS 5.3 (MEDIUM)
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:1351 https://access.redhat.com/errata/RHSA-2025:1351
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-20
Bugzilla
CVE-2025-23083 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel
bugzilla · 2025-01-22 · CVSS 7.7 (HIGH)
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:1351 https://access.redhat.com/errata/RHSA-2025:1351
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:1443 https://access.redhat.com/errata/RHSA-2025:1443