cve/2025/CVE-2025-23084.md

CVE-2025-23084

Description

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory.

This vulnerability affects Windows users of path.join API.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cve-scores
• https://github.com/B1ack4sh/Blackash-CVE-2025-27210
• https://github.com/fkie-cad/nvd-json-data-feeds
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/sharmapintu987654321-boop/Nessus-Scan-Reports