VYPR
Unrated severityOSV Advisory· Published Jan 20, 2026· Updated Jan 21, 2026

CVE-2025-59466

CVE-2025-59466

Description

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook() is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on AsyncLocalStorage (v22, v20) or async_hooks.createHook() (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

53

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.