CVE-2025-23090

HIGH Year: 2025
CVSS v3 Score
7.7
High
Weakness Type
CWE-284
View all →

Vulnerability Description

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.

Related Vulnerabilities

CVE-2016-1905

HIGH
CVSS:7.7(High)

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

CWE-2842016

CVE-2021-40405

HIGH
CVSS:7.7(High)

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can ...

CWE-2842021

CVE-2022-26389

HIGH
CVSS:7.7(High)

An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electroca...

CWE-2842022

CVE-2023-21985

HIGH
CVSS:7.7(High)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker...

CWE-2842023

CVE-2023-39962

HIGH
CVSS:7.7(High)

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12....

CWE-2842023

CVE-2023-42859

HIGH
CVSS:7.7(High)

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

CWE-2842023