How severe is CVE-2025-47279?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2025-47279?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2025-47279 - LOW Severity | CVSS 3.1

Vulnerability Description

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaound, avoid calling a webhook repeatedly if the webhook fails.

Related Vulnerabilities

CVE-2025-1148

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation lea...

CWE-4012025

CVE-2025-1149

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to ...

CWE-4012025

CVE-2025-1150

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads...

CWE-4012025

CVE-2025-1151

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory le...

CWE-4012025

CVE-2019-19057

LOW

CVSS:3.3(Low)

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory con...

CWE-4012019

CVE-2019-3815

LOW

CVSS:3.3(Low)

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_io...

CWE-4012019