cvelistv5 - cve-2025-23090

CVE-2025-23090 (GCVE-0-2025-23090)

Vulnerability from cvelistv5

This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.

Replaced by CVE-2025-23083

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-07-18T23:02:35.042Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083."
        }
      ],
      "replacedBy": [
        "CVE-2025-23083"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2025-23090",
    "datePublished": "2025-01-22T01:11:30.802Z",
    "dateRejected": "2025-07-18T23:02:35.042Z",
    "dateReserved": "2025-01-10T19:05:52.772Z",
    "dateUpdated": "2025-07-18T23:02:35.042Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23090\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2025-01-22T02:15:34.443\",\"lastModified\":\"2025-07-18T23:15:22.337\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"rejectedReasons\": [{\"value\": \"This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.\", \"lang\": \"en\"}], \"replacedBy\": [\"CVE-2025-23083\"], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-07-18T23:02:35.042Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23090\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"state\": \"REJECTED\", \"assignerShortName\": \"hackerone\", \"dateReserved\": \"2025-01-10T19:05:52.772Z\", \"datePublished\": \"2025-01-22T01:11:30.802Z\", \"dateUpdated\": \"2025-07-18T23:02:35.042Z\", \"dateRejected\": \"2025-07-18T23:02:35.042Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-23090

Vulnerability from fkie_nvd

Published

2025-01-22 02:15

Modified

2025-07-18 23:15

Severity ?

Summary

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.

References

▼	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083."
    }
  ],
  "id": "CVE-2025-23090",
  "lastModified": "2025-07-18T23:15:22.337",
  "metrics": {},
  "published": "2025-01-22T02:15:34.443",
  "references": [],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Rejected"
}

ghsa-5vvm-wqc8-r5m8

Vulnerability from github

Published

2025-01-22 03:30

Modified

2025-01-22 03:30

Severity ?

7.7 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.

This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.

Show details on source website