Platform
nodejs
Component
ip
Fixed in
2.0.2
CVE-2025-59437 describes a Server-Side Request Forgery (SSRF) vulnerability in the ip (also known as node-ip) package, a widely used Node.js module for IP address manipulation. Applications that rely on the package's public/private address classification as an SSRF guard can be tricked into opening connections to internal resources, bypassing the network restrictions that guard was meant to enforce. All versions up to and including 2.0.1 are affected; the issue is resolved in version 2.0.2.
The SSRF vulnerability in node-ip arises from the package classifying the IP address '0' as globally routable: the bare string '0' matches none of the private, loopback or reserved patterns the library checks, so it is reported as public. The operating system, however, accepts '0' as shorthand for 0.0.0.0, and on Linux a connection to 0.0.0.0 is delivered to the local host, i.e. it behaves like a connection to 127.0.0.1. An attacker who controls the destination of a server-side request can therefore supply '0', pass the "is this address public?" check, and reach services bound to the loopback interface. Some platforms refuse connections to '0' or '0.0.0.0' with an error, but the vulnerability persists wherever such attempts are not blocked or are routed to the local host. Successful exploitation could enable an attacker to access internal services, read sensitive data, or perform reconnaissance within the internal network. The impact is amplified if the application using node-ip is deployed in a shared hosting environment, potentially exposing multiple tenants to the risk.
CVE-2025-59437 was published on September 16, 2025. It is a follow-on to CVE-2024-29415: the fix shipped for that earlier SSRF issue did not cover the bare '0' form, so this CVE records the incomplete fix. The EPSS score is listed below. Public proof-of-concept (PoC) code is not yet widely available, but exploitation requires nothing more than passing the string '0' as the destination of a request that is gated on the package's public-address check, so a working PoC is trivial to produce. Monitor security advisories and vulnerability databases for updates.
Exploit Status
EPSS
0.01% (2nd percentile)
The primary mitigation for CVE-2025-59437 is to upgrade the node-ip package to version 2.0.2 or later immediately. If upgrading is not immediately feasible due to compatibility issues or breaking changes, route server-side requests through an egress proxy or a host-level firewall that denies connections to loopback, link-local and private ranges, including 0.0.0.0/8 (a WAF inspects inbound traffic and will not catch an outbound connection the server itself opens). Additionally, review application code that uses node-ip and do not treat isPublic()/isPrivate() as the sole SSRF control: accept only canonical IP literals, resolve hostnames first and check every resolved address, then connect to the vetted literal rather than re-resolving the name. Monitor application logs for unusual outbound connection attempts to internal resources. After upgrading, confirm the fix by checking that the package no longer classifies '0' as public (on a fixed version isPublic('0') returns false) and that a request which previously reached the loopback interface is now rejected.
Update the 'ip' package to version 2.0.2 or later to fix the SSRF vulnerability. This stops the IP address '0' from being incorrectly classified as a public address. Consult the package's release notes or changelog for more details about the fix.
CVE-2025-59437 is a Server-Side Request Forgery (SSRF) vulnerability in the node-ip NPM package affecting all versions up to and including 2.0.1, allowing attackers to initiate connections to internal resources from applications that rely on the package's public-address check.
If your project uses the node-ip package at version 2.0.1 or earlier, you are potentially affected by this SSRF vulnerability. Check your project dependencies, including transitive ones, immediately.
Upgrade the node-ip package to version 2.0.2 or later to resolve the vulnerability. Consider egress filtering at the proxy or host firewall as an additional layer of defense.
While active exploitation has not been confirmed, the vulnerability's nature suggests it could be easily exploited, so vigilance is advised.
Refer to the npm advisory and the node-ip project's repository for the latest information and updates regarding CVE-2025-59437.