प्लेटफ़ॉर्म
nodejs
घटक
node-red
में ठीक किया गया
3.1.7
CVE-2025-41656 describes a critical remote code execution (RCE) vulnerability affecting Node-RED versions from 0 through 2024-08. This vulnerability allows an unauthenticated attacker to execute arbitrary commands on the affected system with elevated privileges. The root cause is the lack of default authentication configuration for the Node-RED server. A fix is available in version 2024.0.1.
The impact of this vulnerability is severe. An attacker can gain complete control over the affected Node-RED instance and potentially the entire system it runs on. This could lead to data breaches, system compromise, and further lateral movement within the network. Given the popularity of Node-RED for IoT and automation deployments, a successful exploitation could have widespread consequences. The lack of authentication means no user interaction is required for exploitation, making it easily exploitable. Attackers could leverage this to install malware, steal sensitive data, or disrupt operations.
This vulnerability is considered highly exploitable due to the lack of authentication. Public proof-of-concept (PoC) code is likely to emerge quickly. The vulnerability was publicly disclosed on 2025-07-01. It is advisable to monitor security advisories and threat intelligence feeds for any indications of active exploitation. The CVSS score of 10 indicates a critical severity and a high probability of exploitation.
Organizations deploying Node-RED for IoT automation, home automation, or industrial control systems are particularly at risk. Environments with exposed Node-RED instances without proper authentication are especially vulnerable. Shared hosting environments where Node-RED is installed could also be affected if the hosting provider has not applied the necessary security patches.
• nodejs / server:
ps aux | grep node-red• nodejs / server:
journalctl -u node-red --since "1h"• nodejs / server: Check for unusual network connections to port 1880 (default Node-RED port) using netstat -tulnp | grep 1880 or ss -tulnp | grep 1880.
disclosure
patch
एक्सप्लॉइट स्थिति
EPSS
0.25% (48% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation is to upgrade to Node-RED version 2024.0.1 or later, which includes the authentication fix. If upgrading immediately is not possible, consider implementing a Web Application Firewall (WAF) or reverse proxy to restrict access to the Node-RED server and enforce authentication. Temporarily disabling the Node-RED service is another option to reduce the immediate risk. Ensure that any existing authentication mechanisms are properly configured and enforced. After upgrading, confirm the fix by attempting to access the Node-RED server without authentication and verifying that access is denied.
Configure la autenticación para el servidor Node-RED. Consulte la documentación de Node-RED para obtener instrucciones sobre cómo habilitar y configurar la autenticación. Asegúrese de utilizar contraseñas seguras y de cambiar las credenciales predeterminadas.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2025-41656 is a critical remote code execution vulnerability in Node-RED versions 0–2024-08. It allows unauthenticated attackers to execute commands due to a missing default authentication configuration.
You are affected if you are running Node-RED versions 0 through 2024-08. Check your version and upgrade immediately if vulnerable.
Upgrade to Node-RED version 2024.0.1 or later. As a temporary workaround, implement a WAF or disable the Node-RED service.
While no active exploitation has been confirmed, the vulnerability's critical severity and ease of exploitation suggest a high likelihood of exploitation.
Refer to the official Node-RED security advisory on their website or GitHub repository for the latest information and updates.
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।