{"vulnerability": "CVE-2025-23084", "sightings": [{"uuid": "d5f32b8b-41b0-4af2-85b6-a2c4e2ccb518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mcx3js57e62m", "content": "", "creation_timestamp": "2026-01-21T16:25:33.329094Z"}, {"uuid": "c42579fd-39dc-4c7e-8b46-08c554fda417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "published-proof-of-concept", "source": "Telegram/z_ebYnNGYsAvqPSR_ksCHYf7iQyo3Kz8im6VaWbcmMpsW68", "content": "", "creation_timestamp": "2025-07-19T15:00:07.000000Z"}, {"uuid": "ea32e3a9-010e-472b-8343-93d01196295a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14194", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23084\n\ud83d\udd25 CVSS Score: 5.6 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.\n\nOn Windows, a path that does not start with the file separator is treated as relative to the current directory. \n\nThis vulnerability affects Windows users of `path.join` API.\n\ud83d\udccf Published: 2025-01-28T04:35:15.236Z\n\ud83d\udccf Modified: 2025-04-30T22:25:23.315Z\n\ud83d\udd17 References:\n1. https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "creation_timestamp": "2025-04-30T23:14:36.000000Z"}, {"uuid": "b6e4cfee-a660-4283-af00-fd5e191c8b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lu4bpfj2nk24", "content": "", "creation_timestamp": "2025-07-16T20:41:28.836928Z"}, {"uuid": "7bd4d842-9db9-4254-b546-bcd5bd4f8755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3luby4irpcr2w", "content": "", "creation_timestamp": "2025-07-19T03:05:48.572399Z"}, {"uuid": "8c726e02-659f-42e9-b88c-a57fa4ab4037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "MISP/a3c5beab-b790-4171-8b4c-02c8a9678071", "content": "", "creation_timestamp": "2025-07-22T03:54:24.000000Z"}, {"uuid": "68e8181a-4d7f-4c7b-ae07-96ff5613c32d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "14acc990-770d-4559-9696-8e1db8f02549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3242", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23084\n\ud83d\udd25 CVSS Score: 5.6 (CVSS_V3)\n\ud83d\udd39 Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.\n\nOn Windows, a path that does not start with the file separator is treated as relative to the current directory. \n\nThis vulnerability affects Windows users of `path.join` API.\n\ud83d\udccf Published: 2025-01-28T06:30:40Z\n\ud83d\udccf Modified: 2025-01-28T06:30:40Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-23084\n2. https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "creation_timestamp": "2025-01-28T07:08:52.000000Z"}, {"uuid": "a17818cd-df60-4154-bce2-5f04f5f9d124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://t.me/cvedetector/16582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23084 - Node.js Windows Drive Name Handling Path Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23084 \nPublished : Jan. 28, 2025, 5:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.  \n  \nOn Windows, a path that does not start with the file separator is treated as relative to the current directory.   \n  \nThis vulnerability affects Windows users of `path.join` API. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T08:45:35.000000Z"}, {"uuid": "5c2c1fc5-7179-4021-a94e-d56e0450cffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgbppky7xy2t", "content": "", "creation_timestamp": "2025-01-21T20:42:41.736926Z"}, {"uuid": "cab7661c-79bc-422e-9a3a-d75b4015fccf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113904123327966262", "content": "", "creation_timestamp": "2025-01-28T04:36:31.711394Z"}, {"uuid": "197d7a08-69f8-4790-9807-4e495eba6847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgsjg4hzwq2q", "content": "", "creation_timestamp": "2025-01-28T13:05:17.571715Z"}, {"uuid": "fc7e28f1-138e-4baf-98e4-19ed9a0aa63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "MISP/a3c5beab-b790-4171-8b4c-02c8a9678071", "content": "", "creation_timestamp": "2025-09-09T11:53:42.000000Z"}, {"uuid": "bbe0e6e0-bed6-49e5-855c-1949b90f862e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "Telegram/Qdzz1AKJLgYA5qbpq7wsXtyO5OathArotee-YC8gAHuem3o", "content": "", "creation_timestamp": "2025-09-16T15:00:07.000000Z"}, {"uuid": "7f6bc2c4-a989-40b1-ade1-85a3b25b5a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23084", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrp6n5rib2r", "content": "", "creation_timestamp": "2025-01-28T05:15:49.436550Z"}]}