CVE-2025-23085
CVSS 3.0 Score 5.3 of 10 (medium)
Details
Published Feb 7, 2025
Updated: Feb 25, 2025
CWE ID 401
Summary
CVE-2025-23085 is a memory leak vulnerability in the Node.js HTTP/2 server affecting versions 18.x, 20.x, 22.x, and 23.x. When a remote peer abruptly ends a socket connection without sending a GOAWAY notification, or when an invalid header causes the connection to be terminated, the nghttp2 library fails to properly handle the situation, leading to increased memory consumption. Under heavy traffic conditions, this memory leak could result in denial of service.