How severe is CVE-2025-23165?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-23165?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2025-23165 - LOW Severity | CVSS 3.7

Vulnerability Description

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

Related Vulnerabilities

CVE-2025-1152

LOW

CVSS:3.7(Low)

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is ...

CWE-4012025

CVE-2019-20382

LOW

CVSS:3.5(Low)

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is no...

CWE-4012019

CVE-2019-19073

MEDIUM

CVSS:4.0(Medium)

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout(...

CWE-4012019

CVE-2022-23091

MEDIUM

CVSS:4.0(Medium)

A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a ...

CWE-4012022

CVE-2019-19057

LOW

CVSS:3.3(Low)

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory con...

CWE-4012019

CVE-2019-3815

LOW

CVSS:3.3(Low)

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_io...

CWE-4012019