Home > Vulnerability Database > CVE-2025-23085

Mend.io Vulnerability Database

CVE-2025-23085

Date: February 7, 2025

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.

Severity Score

5.3

Related Resources (4)

Url: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

Url: https://lists.debian.org/debian-lts-announce/2025/02/msg00031.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23085

Url: https://www.mend.io/vulnerability-database/CVE-2025-23085

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23085

Date: February 7, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?