CNNVD-202601-3185 Information
CNNVD ID
CNNVD-202601-3185
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js v20版本、v22版本、v24版本和v25版本存在安全漏洞,该漏洞源于权限模型中futimes函数未执行预期的写入权限检查,可能导致文件元数据在只读目录中被修改,从而影响日志可靠性。
Description (English)
Node.js is an open-source, cross-platform JavaScript running environment for Node.js. Node.js v20, v22, v24 and v25 have a security loophole, which stems from the fact that the futimes function in the permission model does not perform the expected write permission check, which may result in document metadata being modified in a read-only directory, thus affecting the log reliability.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Node.js
Published
2026-01-20
Last Modified
2026-02-24
References
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases https://access.redhat.com/security/cve/cve-2025-55132
Patch
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Share on: