Home > Vulnerability Database > CVE-2025-7339

Mend.io Vulnerability Database

CVE-2025-7339

Good to know:

Date: July 17, 2025

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions "<1.1.0" may result in response headers being inadvertently modified when an array is passed to "response.writeHead()". Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to "1.1.0", but this issue can be worked around by passing an object to "response.writeHead()" rather than an array.

Severity Score

3.4

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-7339

Url: https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867

Url: https://cna.openjsf.org/security-advisories.html

Url: https://github.com/jshttp/on-headers/issues/15

Url: https://github.com/jshttp/on-headers

Url: https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q

Url: https://security-tracker.debian.org/tracker/CVE-2025-7339

Url: https://github.com/expressjs/morgan/issues/315

Url: https://www.mend.io/vulnerability-database/CVE-2025-7339

Severity Score

3.4

Weakness Type (CWE)

Improper Handling of Unexpected Data Type

CWE-241

Top Fix

Upgrade Version

Upgrade to version on-headers - 1.1.0

Learn More

CVSS v3.1

Base Score:	3.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-7339

Good to know:

Date: July 17, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?