CVE-2025-62718
published 2026-04-09CVE-2025-62718: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when…
PriorityP262critical9.9CVSS 3.1
AVNACLPRNUINSCCHILAL
EPSS
1.19%
63.9th percentile
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axios | axios | < 0.32.0 | 0.32.0 |
| axios | axios | < 0.31.0 | 0.31.0 |
| axios | axios | < 0.31.1 | 0.31.1 |
| axios | axios | — | — |
| axios | axios | >= 0 < 1.15.0 | 1.15.0 |
| axios | axios | >= 0 < 0.31.0 | 0.31.0 |
| axios | axios | >= 0 < 0.31.1 | 0.31.1 |
| axios | axios | >= 0 < 0.32.0 | 0.32.0 |
| axios | axios | >= 1.0.0 < 1.15.0 | 1.15.0 |
| axios | axios | >= 1.0.0 < 1.15.1 | 1.15.1 |
| axios | axios | >= 1.0.0 < 1.15.0 | 1.15.0 |
| axios | axios | >= 1.0.0 < 1.15.1 | 1.15.1 |
| axios | axios | >= 1.0.0 < 1.16.0 | 1.16.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect requests to loopback addresses using trailing-dot hostname normalization bypass (e.g., 'localhost.' with trailing dot) that may indicate exploitation of NO_PROXY bypass ↗
- →Detect requests using IPv6 loopback literal [::1] as hostname in Axios-based applications where NO_PROXY is configured, as these bypass NO_PROXY matching ↗
- →Flag server-side Axios usage where both HTTP_PROXY and NO_PROXY environment variables are set and attacker-controlled URLs are passed — prerequisite conditions for exploitation ↗
- ·Vulnerability only affects Axios versions prior to 1.15.0 (v1.x branch) and prior to 0.31.0 (v0.x branch); fixed versions are 1.15.0 and 0.31.0 ↗
- ·Exploitation requires a non-default combination of conditions: attacker-controlled URLs in a server-side Axios context, both HTTP_PROXY and NO_PROXY configured, and a proxy positioned to act on or intercept the misdirected traffic ↗
CVSS provenance
nvdv3.19.9CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ghsa9.3CRITICAL
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
vendor_redhat·2026-04-09·CVSS 9.3
CVE-2025-62718 [CRITICAL] CWE-1289 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
Statement: This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to ax
GHSA
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
ghsa·2026-05-29·CVSS 6.3
CVE-2026-44492 [MEDIUM] CWE-918 axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
### Summary
shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as `127.0.0.1` or `169.254.169.254`, a request URL using the IPv4-mapped IPv6 form (`::ffff:7f00:1`, `::ffff:a9fe:a9fe`) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked.
### Details
lib/helpers/shouldBypassProxy.js (v1.15.0):
```javascript
const LOOPBACK_ADDRESSES = new Set(['localhost', '127.0.0.1', '::1']);
const isLoopback = (host) => LOOPBACK_ADDRESSES
GHSA
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
ghsa·2026-05-05·CVSS 9.3
CVE-2026-42043 [CRITICAL] CWE-183 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
**1. Executive Summary**
This report documents an **incomplete security patch** for the previously disclosed vulnerability **GHSA-3p68-rc4w-qgx5 (CVE-2025-62718)**, which affects the `NO_PROXY` hostname resolution logic in the Axios HTTP library.
**Background — The Original Vulnerability**
The original vulnerability (GHSA-3p68-rc4w-qgx5) disclosed that Axios did not normalize hostnames before comparing them against `NO_PROXY` rules. Specifically, a request to `http://localhost./` (with a trailing dot) or `http://[::1]/` (with IPv6 bracket notation) would **bypass NO_PROXY matching entirely** and be forwarded to the configured HTTP proxy — even when `NO_PROXY=
VulDB
Axios up to 1.14.x NO_PROXY Normalization confused deputy (GHSA-3p68-rc4w-qgx5 / Nessus ID 306741)
vuldb·2026-04-16·CVSS 9.3
CVE-2025-62718 [CRITICAL] Axios up to 1.14.x NO_PROXY Normalization confused deputy (GHSA-3p68-rc4w-qgx5 / Nessus ID 306741)
A vulnerability classified as critical was found in Axios up to 1.14.x. This issue affects some unknown processing of the component NO_PROXY Normalization Handler. The manipulation results in unintended intermediary.
This vulnerability is known as CVE-2025-62718. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
OSV
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
osv·2026-04-09
CVE-2025-62718 [CRITICAL] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Axios does not correctly handle hostname normalization when checking `NO_PROXY` rules.
Requests to loopback addresses like `localhost.` (with a trailing dot) or `[::1]` (IPv6 literal) skip `NO_PROXY` matching and go through the configured proxy.
This goes against what developers expect and lets attackers force requests through a proxy, even if `NO_PROXY` is set up to protect loopback or internal services.
According to [RFC 1034 §3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and [RFC 3986 §3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2), a hostname can have a trailing dot to show it is a fully qualified domain name (FQDN). At the DNS level, `localhost.` is the same as `localhost`.
Howev
GHSA
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
ghsa·2026-04-09
CVE-2025-62718 [MEDIUM] CWE-441 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Axios does not correctly handle hostname normalization when checking `NO_PROXY` rules.
Requests to loopback addresses like `localhost.` (with a trailing dot) or `[::1]` (IPv6 literal) skip `NO_PROXY` matching and go through the configured proxy.
This goes against what developers expect and lets attackers force requests through a proxy, even if `NO_PROXY` is set up to protect loopback or internal services.
According to [RFC 1034 §3.1](https://datatracker.ietf.org/doc/html/rfc1034#section-3.1) and [RFC 3986 §3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2), a hostname can have a trailing dot to show it is a fully qualified domain name (FQDN). At the DNS level, `localhost.` is the same as `localhost`.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-62718 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62718 :
JavaScript vulnerability analysis and mitigation
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0.
Source : NVD
## 9.3
Sc
Bugzilla
CVE-2026-42043 axios: Axios: NO_PROXY bypass via crafted URL
bugzilla·2026-04-24·CVSS 9.3
CVE-2026-42043 [CRITICAL] CVE-2026-42043 axios: Axios: NO_PROXY bypass via crafted URL
CVE-2026-42043 axios: Axios: NO_PROXY bypass via crafted URL
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.
Bugzilla
CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 oh-my-posh: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 oh-my-posh: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 oh-my-posh: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 nodejs-aw-webui: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 nodejs-aw-webui: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 nodejs-aw-webui: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 h3: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 h3: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 h3: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
bugzilla·2026-04-10·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-62718 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
bugzilla·2026-04-09·CVSS 9.3
CVE-2025-62718 [CRITICAL] CVE-2025-62718 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
CVE-2025-62718 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is f
https://datatracker.ietf.org/doc/html/rfc1034#section-3.1https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9chttps://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24dfhttps://github.com/axios/axios/pull/10661https://github.com/axios/axios/pull/10688https://github.com/axios/axios/releases/tag/v0.31.0https://github.com/axios/axios/releases/tag/v1.15.0https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5https://access.redhat.com/errata/RHSA-2026:10175https://access.redhat.com/errata/RHSA-2026:13571https://access.redhat.com/errata/RHSA-2026:13826https://access.redhat.com/errata/RHSA-2026:14937https://access.redhat.com/errata/RHSA-2026:16874https://access.redhat.com/errata/RHSA-2026:17657https://access.redhat.com/errata/RHSA-2026:17699https://access.redhat.com/errata/RHSA-2026:19375https://access.redhat.com/errata/RHSA-2026:19712https://access.redhat.com/errata/RHSA-2026:20889https://access.redhat.com/errata/RHSA-2026:20938https://access.redhat.com/errata/RHSA-2026:21017https://access.redhat.com/errata/RHSA-2026:22465https://access.redhat.com/errata/RHSA-2026:22629https://access.redhat.com/errata/RHSA-2026:22840https://access.redhat.com/errata/RHSA-2026:23361https://access.redhat.com/errata/RHSA-2026:24471https://access.redhat.com/errata/RHSA-2026:24761https://access.redhat.com/errata/RHSA-2026:24766https://access.redhat.com/errata/RHSA-2026:24853https://access.redhat.com/errata/RHSA-2026:24866https://access.redhat.com/errata/RHSA-2026:24977https://access.redhat.com/errata/RHSA-2026:26010https://access.redhat.com/errata/RHSA-2026:8483https://access.redhat.com/errata/RHSA-2026:8484https://access.redhat.com/errata/RHSA-2026:8490https://access.redhat.com/errata/RHSA-2026:8491https://access.redhat.com/errata/RHSA-2026:8493https://access.redhat.com/errata/RHSA-2026:9742https://access.redhat.com/security/cve/CVE-2025-62718https://bugzilla.redhat.com/show_bug.cgi?id=2456913https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62718.json
2026-04-09
Published