Platform
nodejs
Component
ip
Fixed in
2.0.2
CVE-2025-59437 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the ip (also known as node-ip) package, a popular Node.js module for IP address manipulation. This flaw arises from an incomplete fix addressing CVE-2024-29415, allowing attackers to potentially initiate requests to internal resources. The vulnerability affects versions 0.0.0 through 2.0.1 of the node-ip package and is resolved in version 2.0.2.
An attacker exploiting this SSRF vulnerability could potentially bypass internal network restrictions and access sensitive resources that are only accessible from within the application's network. While some applications block connections to the IP address 0 (0.0.0.0) with error messages, the vulnerability allows connections to 127.0.0.1 in certain configurations and operating systems. This could lead to unauthorized access to internal services, databases, or other sensitive data. The impact is particularly concerning in environments where the application interacts with internal APIs or services that are not exposed to the public internet.
This vulnerability is considered LOW severity based on the CVSS score. Public proof-of-concept (PoC) code is currently unavailable, but the vulnerability's nature makes it likely that PoCs will emerge. The vulnerability was published on 2025-09-16. It is not currently listed on the CISA KEV catalog. The incomplete fix from CVE-2024-29415 highlights the importance of thorough testing and validation after applying security patches.
Applications built on Node.js that utilize the node-ip package, particularly those deployed in shared hosting environments or those that process user-supplied IP addresses without proper validation, are at risk. Legacy applications using older versions of Node.js and the node-ip package are also vulnerable.
• nodejs / server:
npm list ip --depth=0 # Check installed version
grep -r 'ip.isPublic(0)' . # Search for usage of vulnerable function
• generic web:
curl -I <application_endpoint_using_ip_package> # Check response headers for unexpected internal IPs
grep '0.0.0.0' /var/log/nginx/access.log # Monitor access logs for connections to 0.0.0.0
disclosure
patch
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59437 is to upgrade the node-ip package to version 2.0.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These might include configuring a Web Application Firewall (WAF) or proxy to block requests to the IP address 0.0.0.0 or implementing stricter input validation to prevent the use of this IP address in requests. Review application code to ensure that any internal connections are properly validated and secured. After upgrading, confirm the fix by attempting to connect to 127.0.0.1 through the application and verifying that the connection is blocked or handled securely.
Update the 'ip' package to a version later than 2.0.1, if one is available, to fix the SSRF vulnerability. This prevents the IP address 0 from being incorrectly treated as a public address. Further details on the fix can be found in the package's release notes or changelog.
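The stricter input validation recommended above, as an added example that is not code from this advisory or from the node-ip project: a strict dotted-quad parser combined with a deny-list of non-public IPv4 ranges, so that shorthand forms such as "0" or "127.1" are refused outright instead of being classified as public. The function names, range list and sample inputs are assumptions made for this example.

```javascript
// Added example (not from the advisory or node-ip): strict IPv4 validation
// for user-supplied addresses. Anything that is not a canonical dotted quad
// is rejected, so "0", "127.1" or "0x7f.0.0.1" never reach a classifier.
// All sample inputs in the tests are constructed for this example.

const DOTTED_QUAD = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Parse a canonical IPv4 string into an unsigned 32-bit integer.
// Returns null for shorthand, hex, leading zeros, IPv6 or hostnames.
function parseIPv4Strict(s) {
  const m = DOTTED_QUAD.exec(s);
  if (!m) return null;
  const parts = m.slice(1);
  // Leading zeros are ambiguous (some parsers treat them as octal): refuse.
  if (parts.some((p) => p.length > 1 && p[0] === "0")) return null;
  const octets = parts.map(Number);
  if (octets.some((o) => o > 255)) return null;
  return ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
}

// Ranges a user-supplied "remote" address must never resolve into.
// 0.0.0.0/8 covers the address 0 that triggered CVE-2025-59437.
const DENIED = [
  ["0.0.0.0", 8],       // "this network", includes 0.0.0.0 itself
  ["127.0.0.0", 8],     // loopback
  ["10.0.0.0", 8],      // private
  ["172.16.0.0", 12],   // private
  ["192.168.0.0", 16],  // private
  ["169.254.0.0", 16],  // link-local
].map(([net, bits]) => [parseIPv4Strict(net), bits]);

function inRange(addr, net, bits) {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((net & mask) >>> 0);
}

// True only for a canonical IPv4 address outside every denied range.
// Unparseable input is rejected, never "assumed public".
function isSafePublicIPv4(s) {
  const addr = parseIPv4Strict(s);
  if (addr === null) return false;
  return !DENIED.some(([net, bits]) => inRange(addr, net, bits));
}
```

Call isSafePublicIPv4 on the address before any outbound connection is made, and treat a false result as a validation failure rather than falling back to a looser check.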
CVE-2025-59437 is a Server-Side Request Forgery (SSRF) vulnerability in the node-ip NPM package affecting versions 0.0–2.0.1, allowing attackers to potentially initiate connections to internal resources.
If your project uses the node-ip package versions 0.0 through 2.0.1, you are potentially affected by this SSRF vulnerability. Check your project dependencies immediately.
Upgrade the node-ip package to version 2.0.2 or later to resolve the vulnerability. Consider implementing WAF rules or proxy filtering as an additional layer of defense.
While active exploitation has not been confirmed, the vulnerability's nature suggests it could be easily exploited, so vigilance is advised.
Refer to the npm advisory and the node-ip project's repository for the latest information and updates regarding CVE-2025-59437.