CVE-2025-27210
published 2025-07-18CVE-2025-27210: An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX.
This vulnerability affects Windows users of `path.join` API.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | — | — |