Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for nodejs22 fixes the following issues: Update to 22.22.0: * CVE-2025-55130: file system permissions bypass via crafted symlinks (bsc#1256569). * CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure of in- process secrets (bsc#1256570). * CVE-2025-55132: a file's access and modification timestamps can be changed via `futimes()` even when the process has only read permissions (bsc#1256571). * CVE-2025-59465: malformed HTTP/2 HEADERS frame with invalid HPACK data can cause a crash due to an unhandled error (bsc#1256573). * CVE-2025-59466: uncatchable "Maximum call stack size exceeded" error when `async_hooks.createHook()` is enabled can lead to crash (bsc#1256574).
* bsc#1256569
* bsc#1256570
* bsc#1256571
* bsc#1256573
* bsc#1256574
* bsc#1256576
* bsc#1256848
Cross-
* CVE-2025-55130
* CVE-2025-55131
* CVE-2025-55132
* CVE-2025-59465
* CVE-2025-59466
* CVE-2026-21637
* CVE-2026-22036
CVSS scores:
* CVE-2025-55130 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55130 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55130 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-55130 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-55131 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55131 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Get the latest Linux and open source security news straight to your inbox.