Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bx67-aud6-b3fa
Vulnerability ID VCID-bx67-aud6-b3fa
Aliases CVE-2024-22025
Summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2024-22025
cvssv3 6.5 https://hackerone.com/reports/2284065
ssvc Track https://hackerone.com/reports/2284065
cvssv3 6.5 https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
cvssv3 6.5 https://security.netapp.com/advisory/ntap-20240517-0008/
ssvc Track https://security.netapp.com/advisory/ntap-20240517-0008/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json
https://api.first.org/data/v1/epss?cve=CVE-2024-22025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025
2270559 https://bugzilla.redhat.com/show_bug.cgi?id=2270559
2284065 https://hackerone.com/reports/2284065
GLSA-202505-11 https://security.gentoo.org/glsa/202505-11
msg00029.html https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
ntap-20240517-0008 https://security.netapp.com/advisory/ntap-20240517-0008/
RHSA-2024:2778 https://access.redhat.com/errata/RHSA-2024:2778
RHSA-2024:2779 https://access.redhat.com/errata/RHSA-2024:2779
RHSA-2024:2780 https://access.redhat.com/errata/RHSA-2024:2780
RHSA-2024:2853 https://access.redhat.com/errata/RHSA-2024:2853
RHSA-2024:2910 https://access.redhat.com/errata/RHSA-2024:2910
RHSA-2024:4559 https://access.redhat.com/errata/RHSA-2024:4559
RHSA-2024:4721 https://access.redhat.com/errata/RHSA-2024:4721
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://hackerone.com/reports/2284065
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/ Found at https://hackerone.com/reports/2284065
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/ Found at https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240517-0008/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/ Found at https://security.netapp.com/advisory/ntap-20240517-0008/
Exploit Prediction Scoring System (EPSS)
Percentile 0.62483
EPSS Score 0.0043
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:17.766515+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202505-11 38.0.0