CVE-2025-59464

Published Jan 20, 2026

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Affected Software

2 affected components
Node.js Node.js
Nodejs Node.js >=24.0.0 <24.12.0
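
An exposure check for the issue described above, added here as an example (not code from Node.js or SecAlerts): it tests a version string against the range listed on this page and flags memory samples where RSS climbs while the V8 heap stays flat. The function names, the 64 KiB-per-sample threshold and the assumption that the leaked OpenSSL buffers show up in RSS rather than `heapUsed` are illustrative assumptions.

```javascript
// Affected range as listed on this page: >=24.0.0 <24.12.0
const AFFECTED = { min: [24, 0, 0], fixed: [24, 12, 0] };

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function inAffectedRange(version) {
  const v = parseVersion(version);
  return cmp(v, AFFECTED.min) >= 0 && cmp(v, AFFECTED.fixed) < 0;
}

// Least-squares slope of a series, in units per sample.
function slope(ys) {
  const n = ys.length, mx = (n - 1) / 2;
  const my = ys.reduce((s, y) => s + y, 0) / n;
  let num = 0, den = 0;
  ys.forEach((y, x) => { num += (x - mx) * (y - my); den += (x - mx) ** 2; });
  return den === 0 ? 0 : num / den;
}

// samples: [{ rss, heapUsed }] taken from process.memoryUsage() at a fixed interval.
// Assumption: a leak on the OpenSSL side grows RSS while the V8 heap stays roughly flat.
// The threshold is an illustrative default; tune it to the sampling interval and load.
function looksLikeNativeLeak(samples, minBytesPerSample = 64 * 1024) {
  if (samples.length < 5) return false; // too few points for a trend
  const rssSlope = slope(samples.map((s) => s.rss));
  const heapSlope = slope(samples.map((s) => s.heapUsed));
  return rssSlope >= minBytesPerSample && heapSlope < rssSlope / 4;
}

// Combine both signals into one triage result.
function assess(version, samples) {
  const affected = inAffectedRange(version);
  const growth = looksLikeNativeLeak(samples);
  const action = affected ? 'upgrade' : growth ? 'investigate' : 'none';
  return { affected, growth, action };
}
```

In a running service, pass `process.version` and periodic `process.memoryUsage()` readings to `assess`; services that call `socket.getPeerCertificate(true)` are the ones the description above concerns.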

Event History

Jan 20, 2026
CVE Published via MITRE · 08:41 PM
Data Sourced via MITRE · 08:41 PM: Description, Severity
Data Sourced via NVD · 09:16 PM: Description, Severity, Weakness, Affected Software

Frequently Asked Questions

1. What is the severity of CVE-2025-59464?

CVE-2025-59464 has a medium severity rating due to the potential for remote clients to cause memory leaks.

2. How do I fix CVE-2025-59464?

To fix CVE-2025-59464, update to the latest version of Node.js that addresses the memory leak in the OpenSSL integration.

3. What versions of Node.js are affected by CVE-2025-59464?

CVE-2025-59464 affects multiple versions of Node.js that use the OpenSSL integration for handling X.509 certificate fields; the range listed on this page is >=24.0.0 <24.12.0.

4. Can CVE-2025-59464 affect application performance?

Yes, CVE-2025-59464 can lead to steady memory growth, which may degrade application performance over time.

5. Is there a workaround for CVE-2025-59464?

Currently, there are no known workarounds for CVE-2025-59464 other than upgrading to a patched version of Node.js.
