VYPR
Unrated severityNVD Advisory· Published Jan 28, 2025· Updated Nov 4, 2025

CVE-2025-23084

CVE-2025-23084

Description

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory.

This vulnerability affects Windows users of path.join API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.