VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-k3ej-p9y8-1qfk

Essentials
Severities (51)
References (12)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-k3ej-p9y8-1qfk
Aliases	CVE-2025-47153
Summary	Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1102

Reliance on Machine-Dependent Data Representation

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json
epss	0.00041	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00111	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2025-47153
cvssv3.1	6.5	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
ssvc	Track	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
cvssv3.1	6.5	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
ssvc	Track	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=892601
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=892601
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://github.com/nodejs/node-v0.x-archive/issues/4549
ssvc	Track	https://github.com/nodejs/node-v0.x-archive/issues/4549

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-47153
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2025/05/msg00003.html
		http://www.openwall.com/lists/oss-security/2025/05/02/2
2363236		https://bugzilla.redhat.com/show_bug.cgi?id=2363236
4549		https://github.com/nodejs/node-v0.x-archive/issues/4549
922075		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
bugreport.cgi?bug=1076350		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
CVE-2025-47153		https://nvd.nist.gov/vuln/detail/CVE-2025-47153
show_bug.cgi?id=892601		https://bugzilla.redhat.com/show_bug.cgi?id=892601

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/ Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/ Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=892601

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=892601

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/nodejs/node-v0.x-archive/issues/4549

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/ Found at https://github.com/nodejs/node-v0.x-archive/issues/4549

Exploit Prediction Scoring System (EPSS)

Percentile	0.11795
EPSS Score	0.00041
Published At	May 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-05-01T15:24:52.512209+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	36.0.0