CVE-2025-23083

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-23083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-23083

Aliases

Downstream

ALPINE-CVE-2025-23083

BELL-CVE-2025-23083

DEBIAN-CVE-2025-23083

ECHO-0afb-21f8-9413

MINI-6xr9-f47m-wx3f

MINI-f9p3-f44v-h6ww

MINI-p296-v55m-rjg4

OESA-2025-1234

OESA-2025-1235

RHSA-2025:1351

RHSA-2025:1443

RHSA-2025:1522

RHSA-2025:1611

RHSA-2025:1613

RLSA-2025:1613

SUSE-SU-2025:0232-1

SUSE-SU-2025:0237-1

SUSE-SU-2025:0284-1

UBUNTU-CVE-2025-23083

openSUSE-SU-2025:14706-1

Related

Published

2025-01-22T02:15:33Z

Modified

2025-08-29T15:00:44Z

Summary

[none]

Details

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.

References

Affected packages