VYPR
Low severity 3.2 · OSV Advisory · Published Sep 16, 2025 · Updated Apr 15, 2026

CVE-2025-59436

Description

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
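
The value 017700000001 is 127.0.0.1 written as a single octal number, a form that inet_aton-style resolvers accept. The following is an added example, not code from the ip package or from this advisory: it canonicalises such literals to a 32-bit number before any range check. The names parsePart, toUint32, isPublicStrict and NON_PUBLIC are hypothetical, and the block list is a subset of the special-purpose IPv4 ranges.

```javascript
// Added example (not from the ip package); all function names are hypothetical.
// Parse one component as hex (0x..), octal (leading 0) or decimal.
function parsePart(s) {
  if (/^0x[0-9a-f]+$/i.test(s)) return parseInt(s.slice(2), 16);
  if (/^0[0-7]*$/.test(s)) return parseInt(s, 8);
  if (/^[1-9][0-9]*$/.test(s)) return parseInt(s, 10);
  return NaN; // "", "08", "1e3", names, embedded whitespace
}

// Convert an inet_aton-style literal (1 to 4 components) to an unsigned
// 32-bit number, or return null when it is not such a literal.
function toUint32(host) {
  const nums = String(host).split(".").map(parsePart);
  if (nums.length > 4 || nums.some(Number.isNaN)) return null;
  const last = nums.pop();
  const tail = 2 ** (8 * (4 - nums.length)); // range covered by the last part
  if (nums.some((n) => n > 0xff) || last >= tail) return null;
  return nums.reduce((acc, n) => acc * 256 + n, 0) * tail + last;
}

// Subset of special-purpose IPv4 blocks that must not count as public.
const NON_PUBLIC = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["198.18.0.0", 15], ["224.0.0.0", 3], // 224/3 = multicast + reserved
];

function isPublicStrict(host) {
  const addr = toUint32(host);
  if (addr === null) return false; // fail closed: resolve names first
  return !NON_PUBLIC.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(addr / size) === Math.floor(toUint32(base) / size);
  });
}

// Constructed sample inputs: the advisory's value plus equivalent spellings.
for (const h of ["017700000001", "0x7f.1", "127.0.0.1", "8.8.8.8"]) {
  console.log(h, "->", isPublicStrict(h) ? "public" : "not public");
}
```

In an SSRF filter, apply the check to the address the client actually connects to, after name resolution, rather than to the user-supplied string alone.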

Affected products

2
  • Indutny/Node IP (OSV, 2 versions)
    v0.0.1, v0.0.2, v0.0.3, …+ 1 more
    • (no CPE) range: v0.0.1, v0.0.2, v0.0.3, …
    • (no CPE) range: <=2.0.1
