VYPR
High severity7.5NVD Advisory· Published Jul 18, 2025· Updated Apr 15, 2026

CVE-2025-27209

CVE-2025-27209

Description

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even without knowing the hash-seed.

  • This vulnerability affects Node.js v24.x users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Node.js/Node.jsinferred2 versions
    =24.0.0+ 1 more
    • (no CPE)range: =24.0.0
    • (no CPE)range: = 24.0.0 through <24.?.?
  • osv-coords2 versions
    >= 24.0.0, < 24.4.1+ 1 more
    • (no CPE)range: >= 24.0.0, < 24.4.1
    • (no CPE)range: >= 24.0.0, < 24.4.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.