This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3118 This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Fri, 18 Jul 2025 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
References
Metrics cvssV3_0

{'score': 7.7, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Fri, 18 Jul 2025 23:15:00 +0000

Type Values Removed Values Added
Description With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 11 Feb 2025 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Jan 2025 01:30:00 +0000

Type Values Removed Values Added
Description With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
References
Metrics cvssV3_0

{'score': 7.7, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: REJECTED

Assigner: hackerone

Published:

Updated: 2025-07-18T23:02:35.042Z

Reserved: 2025-01-10T19:05:52.772Z

Link: CVE-2025-23090

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-01-22T02:15:34.443

Modified: 2025-07-18T23:15:22.337

Link: CVE-2025-23090

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.