Nodejs 24.4.1 Security Release

Details: Last Updated: August 01, 2025

Security release!

CVE-2025-27209
CVE-2025-27210

Notable Changes

(CVE-2025-27209) HashDoS in V8 with new RapidHash algorithm
(CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

Commits

[c33223f1a5] - (CVE-2025-27209) deps: V8: revert rapidhash commits (Michaël Zasso) nodejs-private/node-private#713
[56f9db2aaa] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721

Release URL: https://github.com/Bearsampp/module-nodejs/releases/tag/2025.7.31

Our Supporters

Jet Brains

Tassos gr

AM Graphix

Sorry, this website uses features that your browser doesn’t support. Upgrade to a newer version of Firefox, Chrome, Safari, or Edge and you’ll be all set.