High severity7.5NVD Advisory· Published Jul 18, 2025· Updated Apr 15, 2026
CVE-2025-27209
CVE-2025-27209
Description
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even without knowing the hash-seed.
- This vulnerability affects Node.js v24.x users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 24.0.0, < 24.4.1+ 1 more
- (no CPE)range: >= 24.0.0, < 24.4.1
- (no CPE)range: >= 24.0.0, < 24.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.