7.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2025-23083

GHSA ID

GHSA-wv7p-rjf3-9fr5

EPSS Score

0.00225%

CWE

CWE-284

Published

1/22/2025

Updated

2/28/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-23083

CVE-2025-23083: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker...

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.

(GitHub Advisory)

7.7

CVSS Score

3.0

Basic Information

CVE ID

CVE-2025-23083

GHSA ID

GHSA-wv7p-rjf3-9fr5

EPSS Score

0.00225%

CWE

CWE-284

Published

1/22/2025

Updated

2/28/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Wit* t** *i* o* t** *i**nosti*s_***nn*l utility, *n *v*nt **n ** *ook** into w**n*v*r * work*r t*r*** is *r**t**. T*is is not limit** only to work*rs *ut *lso *xpos*s int*rn*l work*rs, w**r* *n inst*n** o* t**m **n ** **t****, *n* its *onstru*tor **n

Reasoning

No *n*lysis *v*il**l*

7.7

Basic Information

Concerned about an active attack path?

CVE-2025-23083: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker...

7.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI