Platform
nodejs
Component
ip
Fixed in
2.0.2
CVE-2025-59436 describes a Server-Side Request Forgery (SSRF) vulnerability in the ip (also known as node-ip) Node.js package. The package's isPublic() check treats the address 017700000001 as globally routable. That string is the loopback address 127.0.0.1 written as a single octal integer, a form that lenient address parsers (the libc inet_aton family and many HTTP clients) accept, so a request that passes the check can still be delivered to the local host. The vulnerability affects versions 0.0 through 2.0.1 of the package; a fix is available in version 2.0.2.
An SSRF flaw lets an attacker make the server issue requests on their behalf, from the server's own network position. This can lead to unauthorized access to internal resources, exposing sensitive data or allowing interaction with internal services that are not reachable from outside. The attacker could, for example, scan internal networks, query cloud metadata services, or attempt to exploit other vulnerabilities within the internal infrastructure. This vulnerability exists because of an incomplete fix for CVE-2024-29415, which covered other non-canonical spellings of the same loopback and private addresses; a patch that rejects a list of known-bad strings instead of normalizing the input tends to leave the next encoding open, which is why a fix of this kind has to be tested against every representation a resolver will accept.
CVE-2025-59436 was published on 2025-09-16. Its CVSS severity rating is LOW; note that CVSS measures impact, not the likelihood of exploitation. As of this writing there are no publicly available proof-of-concept exploits, and it is not listed in the CISA KEV catalog. Because the issue stems from an incomplete fix for CVE-2024-29415, further bypasses of the same shape (other non-canonical address encodings) should be expected and tested for rather than assumed closed.
Exploit Status
EPSS
0.01% (2nd percentile)
The primary mitigation for CVE-2025-59436 is to upgrade the ip Node.js package to version 2.0.2 or later. If upgrading is not immediately feasible, do not rely on ip.isPublic() as the only SSRF guard: accept only canonical dotted-decimal IPv4 (and fully expanded IPv6) from untrusted input, reject octal, hexadecimal, single-integer and shorthand forms outright rather than trying to normalize them, and check the address the connection will actually be made to (after DNS resolution) against loopback, RFC 1918, link-local and cloud-metadata ranges. Restrict outbound network access from the application host to the destinations it needs, using egress firewall rules or a forward proxy; a Web Application Firewall inspects inbound traffic and will not stop the server's own outbound requests. Monitor application and proxy logs for unusual outbound requests originating from the server. After upgrading, confirm that `npm ls ip` reports 2.0.2 or later and that ip.isPublic('017700000001') returns false.
Update the `ip` package to version 2.0.2 or later. This mitigates the SSRF vulnerability caused by the incorrect categorization of non-canonical IP address encodings as publicly routable. See the release notes for more details about the fix.
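The following is an added example, not code from the ip package or from the advisory. It illustrates the mechanism described above (a lenient inet_aton-style parser turns 017700000001 into 127.0.0.1 while a textual classifier sees an unfamiliar string) and the interim input-validation mitigation: a guard that accepts only canonical dotted-decimal IPv4 and matches it against non-public ranges. The function names, the range list and the sample inputs are this example's own choices; the lenient parser mirrors common inet_aton behaviour and is not the ip package's implementation.

```javascript
// Added example (not node-ip's code). Shows why "017700000001" slips past a
// textual public/private classifier and how a strict canonical-form check
// plus range matching closes the gap. Names and ranges are this example's own.

// Lenient inet_aton-style parse, as libc and many HTTP clients accept:
// 1 to 4 dot-separated parts, each decimal, octal (leading 0) or hex (0x);
// the final part fills all remaining bytes. Returns a uint32 or null.
function lenientParseIPv4(s) {
  const parts = s.split(".");
  if (parts.length > 4) return null;
  const nums = [];
  for (const p of parts) {
    let v;
    if (/^0[xX][0-9a-fA-F]+$/.test(p)) v = parseInt(p.slice(2), 16);
    else if (/^0[0-7]+$/.test(p)) v = parseInt(p, 8);
    else if (/^[0-9]+$/.test(p)) v = parseInt(p, 10);
    else return null;
    nums.push(v);
  }
  const last = nums.pop();
  if (nums.some((n) => n > 255)) return null;
  const remainingBits = 8 * (4 - nums.length);
  if (last >= 2 ** remainingBits) return null;
  let addr = 0;
  for (const n of nums) addr = addr * 256 + n;
  return (addr * 2 ** remainingBits + last) >>> 0;
}

function toDotted(n) {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join(".");
}

// Strict parse: exactly four decimal octets, no leading zeros, no hex, no
// shorthand. Anything else is refused rather than "normalized".
const STRICT_V4 = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;
function strictParseIPv4(s) {
  if (!STRICT_V4.test(s)) return null;
  return s.split(".").reduce((acc, o) => acc * 256 + Number(o), 0) >>> 0;
}

// Ranges an SSRF guard should never allow as outbound targets (IPv4 only).
const NON_PUBLIC_V4 = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918
  ["100.64.0.0", 10],   // carrier-grade NAT
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, incl. cloud metadata 169.254.169.254
  ["172.16.0.0", 12],   // RFC 1918
  ["192.168.0.0", 16],  // RFC 1918
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved and limited broadcast
];

function inCidr(addr, base, bits) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((base & mask) >>> 0);
}

// Verdict for a host string taken from user input before it reaches an
// outbound request. "rejected" means the string is not canonical dotted
// decimal; lenientResolvesTo shows where a permissive resolver would have
// sent the request, which is exactly the gap the CVE describes.
function classifyDestination(host) {
  const strict = strictParseIPv4(host);
  if (strict === null) {
    const lenient = lenientParseIPv4(host);
    return { verdict: "rejected", lenientResolvesTo: lenient === null ? null : toDotted(lenient) };
  }
  const nonPublic = NON_PUBLIC_V4.some(([base, bits]) => inCidr(strict, strictParseIPv4(base), bits));
  return { verdict: nonPublic ? "non-public" : "public", lenientResolvesTo: toDotted(strict) };
}

// Guard to call right before an outbound request; throws instead of fetching.
function assertPublicDestination(host) {
  const r = classifyDestination(host);
  if (r.verdict !== "public") {
    throw new Error(`refusing outbound request to ${host} (${r.verdict}` +
      (r.lenientResolvesTo ? `, would resolve to ${r.lenientResolvesTo})` : ")"));
  }
  return r;
}

// Constructed inputs: the CVE's payload plus related encodings of 127.0.0.1.
for (const h of ["017700000001", "127.1", "0x7f.1", "2130706433", "127.0.0.1", "169.254.169.254", "93.184.216.34"]) {
  console.log(h.padEnd(16), JSON.stringify(classifyDestination(h)));
}
```

Run with `node` to see that every non-canonical spelling of the loopback address is rejected with "would resolve to 127.0.0.1", while canonical private addresses are classified non-public and a canonical public address passes. The design choice is to refuse non-canonical input rather than normalize it: normalization has to match the resolver's rules exactly to be safe, and this CVE chain is what happens when it does not. The guard is still only half of the control; hostnames must be resolved and the resulting address checked, and egress filtering at the network layer should back it up.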
CVE-2025-59436 is a Server-Side Request Forgery (SSRF) vulnerability in the ip Node.js package, allowing attackers to potentially trigger unauthorized requests.
You are affected if your application uses the ip Node.js package versions 0.0 through 2.0.1.
Upgrade the ip Node.js package to version 2.0.2 or later. Implement input validation as a temporary workaround.
As of this writing, there are no publicly available proof-of-concept exploits or confirmed active exploitation campaigns.
Refer to the npm advisory and the ip Node.js package repository for updates and official information: [https://www.npmjs.com/advisories/1766](https://www.npmjs.com/advisories/1766)