We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-27209



Description

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even without knowing the hash-seed. * This vulnerability affects Node.js v24.x users.

Reserved 2025-02-20 | Published 2025-07-18 | Updated 2025-07-18 | Assigner hackerone


HIGH: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Product status

Default status
unaffected

24.0.0 before 24.4.1
affected

References

nodejs.org/en/blog/vulnerability/july-2025-security-releases

cve.org (CVE-2025-27209)

nvd.nist.gov (CVE-2025-27209)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-27209

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.