Critical severityOSV Advisory· Published Jul 9, 2025· Updated Apr 15, 2026
CVE-2025-53620
CVE-2025-53620
Description
@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node JS to exit. This vulnerability is fixed in 1.13.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@builder.io/qwik-citynpm | < 1.13.0 | 1.13.0 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.