CVE-2025-23166 | Node.js Async Cryptographic Operation SignTraits::DeriveBits denial of service

Inserito da Angelo Barbosa | Mag 15, 2025 | CVE

A vulnerability, which was classified as problematic, was found in Node.js. This affects the function SignTraits::DeriveBits of the component Async Cryptographic Operation Handler. The manipulation leads to denial of service.

This vulnerability is uniquely identified as CVE-2025-23166. Access to the local network is required for this attack to succeed. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-23166 | Node.js Async Cryptographic Operation SignTraits::DeriveBits denial of service

Post correlati

CVE-2023-47691 | Podlove Web Player Plugin up to 5.7.3 on WordPress authorization

CVE-2024-9541 | News Kit Elementor Addons Plugin up to 1.2.1 on WordPress Canvas Menu Elementor Template information disclosure

CVE-2025-41404 | iroha Soft iroha Board up to 0.10.12 direct request

CVE-2024-37233 | Play.ht Plugin up to 3.6.4 on WordPress improper authentication