Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 517
Alerts This Week
Warning Icon 1 517

SUSE Nodejs22 Important Security Update 2026-20436-1 CVE-2025-55130 DoS

suse
Calendar Grey February 18, 2026
Dist Suse Esm H88
This SUSE advisory details important updates for nodejs22 addressing multiple vulnerabilities to enhance system security.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for nodejs22 fixes the following issues: Update to 22.22.0: * CVE-2025-55130: file system permissions bypass via crafted symlinks (bsc#1256569). * CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure of in- process secrets (bsc#1256570). * CVE-2025-55132: a file's access and modification timestamps can be changed via `futimes()` even when the process has only read permissions (bsc#1256571). * CVE-2025-59465: malformed HTTP/2 HEADERS frame with invalid HPACK data can cause a crash due to an unhandled error (bsc#1256573). * CVE-2025-59466: uncatchable "Maximum call stack size exceeded" error when `async_hooks.createHook()` is enabled can lead to crash (bsc#1256574).

References

* bsc#1256569

* bsc#1256570

* bsc#1256571

* bsc#1256573

* bsc#1256574

* bsc#1256576

* bsc#1256848

Cross-

* CVE-2025-55130

* CVE-2025-55131

* CVE-2025-55132

* CVE-2025-59465

* CVE-2025-59466

* CVE-2026-21637

* CVE-2026-22036

CVSS scores:

* CVE-2025-55130 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-55130 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-55130 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-55130 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-55131 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-55131 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20436-1
Release Date: 2026-02-15T09:26:17Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.