216.73.217.64

CVE-2025-25200

· Published 12/02/2025 18:15 · Modified 12/02/2025 18:15

Labels: CVE-2025-25200 2025-02-12CVE-2025-25200CWE-1333[email protected]

Essential information

Published
12/02/2025 18:15
Modified
12/02/2025 18:15
Author
Creator
CISA KEV
No
CWE

Description

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 fix the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References