Security Advisory

CVE-2025-25200

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-12 17:59:04

Last updated 2025-02-12 19:29:10

Assigner GitHub_M

State PUBLISHED

Description

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 fix the issue.

← Browse all CVEs View on cve.org ↗