๐Ÿ” CVE Alert

CVE-2025-59465

HIGH 7.5
CVSS Score 7.5
EPSS Score 0.0%
EPSS Percentile 0th

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example:

```
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```

Vendor nodejs
Product node
Ecosystems
Industries Technology
Published Jan 20, 2026
Last Updated Jun 30, 2026

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions

nodejs / node
20.19.6 ≤ 20.19.6
22.21.1 ≤ 22.21.1
24.12.0 ≤ 24.12.0
25.2.1 ≤ 25.2.1
4.0 < 4.*
5.0 < 5.*
6.0 < 6.*
7.0 < 7.*
8.0 < 8.*
9.0 < 9.*
10.0 < 10.*
11.0 < 11.*
12.0 < 12.*
13.0 < 13.*
14.0 < 14.*
15.0 < 15.*
16.0 < 16.*
17.0 < 17.*
18.0 < 18.*

References

nodejs.org: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-59465
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2431349
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2899
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1843
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1842
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2422
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2421
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2420
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2768
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2767
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2864
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2783
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2782
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2781
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7386
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7387
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6402
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6431