{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_nodejs/el10/vex/2025/cve-2025-23083-els_alt_nodejs-el10.json" } ], "tracking": { "current_release_date": "2026-03-03T21:07:45Z", "generator": { "date": "2026-03-03T21:07:45Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-23083-ELS_ALT_NODEJS-EL10", "initial_release_date": "2025-01-22T01:11:00Z", "revision_history": [ { "date": "2025-01-22T01:11:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-03-03T21:07:45Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2025-23083" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 9", "product": { "name": "Community Enterprise Operating System 9", "product_id": "CentOS-10", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product_id": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-devel@14.21.3-16.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "product_id": "alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-devel@14.21.3-19.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product_id": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-npm@6.14.18-14.21.3.16.el10?arch=x86_64&epoch=1&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "product": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "product_id": "alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-npm@6.14.18-14.21.3.19.el10?arch=x86_64&epoch=1&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "product_id": "alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs@14.21.3-19.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product_id": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs@14.21.3-16.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "product_id": "alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs@16.20.2-12.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product_id": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs@16.20.2-10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "product": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "product_id": "alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-npm@8.19.4-16.20.2.12.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product_id": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-npm@8.19.4-16.20.2.10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "product_id": "alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-devel@16.20.2-12.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product_id": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-devel@16.20.2-10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product_id": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-npm@10.8.2-18.20.8.5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product_id": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-npm@10.8.2-18.20.8.4.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product_id": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-devel@18.20.8-5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product_id": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-devel@18.20.8-4.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product_id": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs@18.20.8-5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product_id": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs@18.20.8-4.el10?arch=x86_64&os_name=centos&os_version=9" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "product": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "product_id": "alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-docs@14.21.3-19.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product_id": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-docs@14.21.3-16.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product_id": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-docs@16.20.2-10.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "product": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "product_id": "alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-docs@16.20.2-12.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product_id": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-docs@18.20.8-5.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product_id": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-docs@18.20.8-4.el10?arch=noarch&os_name=centos&os_version=9" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64" }, "product_reference": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64" }, "product_reference": "alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch" }, "product_reference": "alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch" }, "product_reference": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch" }, "product_reference": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch" }, "product_reference": "alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64" }, "product_reference": "alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64" }, "product_reference": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" }, "product_reference": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64" }, "product_reference": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch" }, "product_reference": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch" }, "product_reference": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "relates_to_product_reference": "CentOS-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-23083", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "description", "text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-lang/cve/CVE-2025-23083" } ], "release_date": "2025-01-22T01:11:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" }, { "category": "impact", "details": "Not affected: CVE-2025-23083 targets Node.js v20, v22, and v23 when the Permission Model (--permission) is enabled, exploiting diagnostics_channel hooks on worker creation to access internal workers. The deployed Node.js v14 predates the Permission Model and the later worker/diagnostics_channel code that introduced this flaw, so the vulnerable code path does not exist and the issue is not exploitable in this environment.", "product_ids": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-19.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-19.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.19.el10.x86_64" ] }, { "category": "impact", "details": "Not affected: CVE-2025-23083 only impacts Node.js 20/22/23 when the Permission Model (--permission) is enabled; Node.js 16.20.2 predates this feature, so the vulnerable permission-enforcement path is absent. In addition, the attack as described leverages the test runner’s module-mocking capability (e.g., t.mock.module/--experimental-test-module-mocks) introduced in later 20.x releases and not present in 16.20.2, leaving no viable trigger for the issue.", "product_ids": [ "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-12.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-12.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.12.el10.x86_64" ] }, { "category": "impact", "details": "Not affected: CVE‑2025‑23083 targets Node.js installations that enable the Permission Model (--permission) on versions 20, 22, or 23; Node.js 18.20.8 does not include this Permission Model, so the vulnerable diagnostics_channel worker‑exposure path is not present. Additionally, the node:test module’s module‑mocking API (mock.module)—used in the reported attack chain—was introduced in Node 20.x and is absent in 18.20.8. Therefore, systems running Node.js 18.20.8 are not vulnerable to this issue.", "product_ids": [ "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] } ] } ] }