How severe is CVE-2025-23084?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2025-23084?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-23084 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.

Related Vulnerabilities

CVE-2010-0481

MEDIUM

CVSS:5.5(Medium)

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows ...

CWE-222010

CVE-2014-9485

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry ...

CWE-222014

CVE-2014-9983

MEDIUM

CVSS:5.5(Medium)

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files vi...

CWE-222014

CVE-2015-6591

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.

CWE-222015

CVE-2016-7569

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

CWE-222016

CVE-2016-7842

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.

CWE-222016