SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2025-27210

CVE-2025-27210: Node.js Path Traversal Vulnerability

CVE-2025-27210 is a path traversal vulnerability in Node.js that affects Windows users through incomplete fixes for device names like CON, PRN, and AUX. This article covers technical details, affected systems, and mitigation.

Updated:

CVE-2025-27210 Overview

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX.

This vulnerability affects Windows users of the path.join API.

Critical Impact

This issue allows path traversal attacks, potentially leading to unauthorized access to sensitive directories on Windows systems.

Affected Products

  • Node.js (Windows version)

Discovery Timeline

  • 2025-07-18 - CVE-2025-27210 published to NVD
  • 2025-11-04 - Last updated in NVD database

Technical Details for CVE-2025-27210

Vulnerability Analysis

CVE-2025-27210 is a path traversal vulnerability due to a faulty fix in the Node.js path.join function, which can be exploited when joining Windows device names like CON, PRN, or AUX. This vulnerability resides within the URL parsing logic, allowing malicious actors to traverse directories and potentially access unauthorized files and information.

Root Cause

The root cause is an incomplete patch for CVE-2025-23084, which did not adequately sanitize input paths containing Windows reserved device names in the path.join API.

Attack Vector

Attackers can exploit this vulnerability remotely by supplying crafted URLs or paths through network-accessible Node.js applications.

javascript
// Example exploitation code (sanitized)
const path = require('path');

const unsafePath = path.join('C:\', 'CON', 'file.txt');
console.log(`Access file at: ${unsafePath}`);

Detection Methods for CVE-2025-27210

Indicators of Compromise

  • Unusual access patterns to Windows reserved device files
  • Log entries with suspicious path join operations

Detection Strategies

Implement monitoring for unexpected path resolutions and access attempts to reserved device names through application logs and file access auditing.

Monitoring Recommendations

Use SentinelOne's runtime behavior analysis to detect irregular file system access patterns and flag suspicious path resolutions. Configure alerts for anomalies in file access on Windows platforms.

How to Mitigate CVE-2025-27210

Immediate Actions Required

  • Upgrade to the latest patched version of Node.js
  • Monitor for unusual path access

Patch Information

Node.js has released security updates to properly address the handling of Windows device names. Ensure systems are updated to the latest Node.js version available from the Node.js official site.

Workarounds

Implement input validation checks to sanitize and disallow reserved device names in file paths prior to passing them to the path.join API.

bash
# Configuration example
node -e "const path = require('path'); let safePath = path.posix.join('/data', 'file.txt'); console.log(safePath);"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne