
CVE-2025-47279: CWE-401: Missing Release of Memory after Effective Lifetime in nodejs undici

Severity: Low
Tags: vulnerability, cve, cve-2025-47279, cwe-401
Published: Thu May 15 2025 (05/15/2025, 17:16:02 UTC)
Source: CVE
Vendor/Project: nodejs
Product: undici

Description

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker sets up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails.

AI-Powered Analysis

Last updated: 07/12/2025, 00:02:40 UTC

Technical Analysis

CVE-2025-47279 is a memory leak (CWE-401, Missing Release of Memory after Effective Lifetime) in undici, the HTTP/1.1 client library for Node.js. Affected releases are all versions before 5.29.0, the 6.x line from 6.0.0 up to but not including 6.21.2, and the 7.x line from 7.0.0 up to but not including 7.5.0.

The leak is reachable when an application uses undici to implement webhook-like functionality, that is, outbound HTTP calls to endpoints the application does not control. If an attacker operates a server that presents an invalid TLS certificate and can cause the application to call that webhook repeatedly, undici fails to release the memory allocated for each failed connection attempt. Memory consumption therefore grows with the number of failed deliveries, and sustained triggering can exhaust the process's memory. The effect is on availability only; confidentiality and integrity are not affected.

The CVSS v3.1 base score is 3.1 (Low): network attack vector, high attack complexity, low privileges required, no user interaction, and impact on availability only. The issue is fixed in undici 5.29.0, 6.21.2, and 7.5.0. Until an upgrade is possible, the vendor's workaround is to stop calling a webhook repeatedly once it has failed, in particular when the failure is a certificate error. No exploits in the wild are currently reported.

Exposure is concentrated in Node.js applications that rely on undici as their HTTP client for webhook delivery, particularly where the target URLs can be supplied by untrusted parties or point at misconfigured servers.

Potential Impact

For European organizations, the impact of this vulnerability is on the availability and stability of Node.js applications that use the undici HTTP client for webhook delivery. Organizations that rely on webhook integrations for critical business processes, such as payment processing, real-time notifications, or automated workflows, may see degraded service or application crashes from memory exhaustion if an attacker triggers the leak persistently. The severity is low, but sustained exploitation amounts to a denial-of-service condition that interrupts operational continuity. This is most relevant to sectors built on Node.js microservices and webhook-based architectures, such as fintech, e-commerce, and digital service providers.

Exploitation requires repeated webhook calls to an attacker-controlled server presenting an invalid certificate, so the attack complexity is high: the attacker must be able to register, or otherwise point the application at, a webhook URL they control, which is typical of SaaS products that let customers configure callback URLs. The vulnerability does not compromise data confidentiality or integrity, but an availability outage can still cause reputational damage or financial loss if it is not mitigated.

Mitigation Recommendations

1. Upgrade undici to a patched version (5.29.0, 6.21.2, or 7.5.0, or later within the same major line) as soon as possible to eliminate the memory leak. Note that undici is frequently pulled in as a transitive dependency, and Node.js 18 and later also bundles its own copy behind the global fetch, which is updated only through Node.js releases; check both the dependency tree and the Node.js version in use.
2. Implement robust webhook failure handling so that a webhook that fails is not called again without limit. Treat TLS certificate errors as terminal rather than transient (there is nothing a retry can fix), use exponential backoff for genuinely transient failures, and apply a circuit breaker or a hard retry cap per endpoint.
3. Validate and monitor webhook endpoints to ensure they present valid TLS certificates and are not susceptible to man-in-the-middle or spoofing attacks.
4. Employ runtime monitoring and alerting on memory usage for Node.js applications that use undici, so that abnormal memory growth indicative of exploitation attempts is detected early.
5. Restrict outbound network access from the webhook sender where feasible, limiting its exposure to potentially malicious servers.
6. Conduct security reviews of third-party webhook integrations and ensure they follow best practices for certificate validation and error handling.

These measures, combined with timely patching, reduce the risk of exploitation and preserve application availability.
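The following Node.js module is an added example of recommendation 2, written for this page; it is not code from undici or from the advisory. It classifies delivery failures so that certificate errors are never retried, backs off on transient errors, and trips a per-endpoint circuit breaker so a failing hook cannot be hammered indefinitely. The `send` function is whatever HTTP call you wrap (the default uses Node's global fetch, which is undici-based in Node 18+); the certificate error codes listed are the Node.js/OpenSSL codes seen on validation failures but the set is an assumption and not exhaustive; `fetchSend`, `EndpointBreaker`, `deliverWebhook`, the `hook.invalid` endpoints and the fake clock in `runDemo` are all constructed for the example.

```javascript
// Added example, not undici's or the advisory's code. Node.js/OpenSSL codes
// that mean the remote certificate cannot be validated (assumed list, not exhaustive).
const CERT_ERROR_CODES = new Set([
  'CERT_HAS_EXPIRED', 'DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
  'ERR_TLS_CERT_ALTNAME_INVALID',
]);
const TRANSIENT_CODES = new Set(['ECONNREFUSED', 'ECONNRESET', 'ETIMEDOUT', 'UND_ERR_CONNECT_TIMEOUT']);

// undici's fetch reports connection failures as TypeError('fetch failed') with the
// underlying error in `cause`; undici.request() throws the underlying error directly.
function errorCode(err) {
  const inner = err && err.cause ? err.cause : err;
  return inner && inner.code ? inner.code : undefined;
}

// 'permanent' failures are never retried; 'transient' ones get bounded retries.
function classifyFailure(err) {
  const code = errorCode(err);
  if (CERT_ERROR_CODES.has(code)) return 'permanent';
  if (TRANSIENT_CODES.has(code)) return 'transient';
  if (err && typeof err.statusCode === 'number') return err.statusCode >= 500 ? 'transient' : 'permanent';
  return 'transient';
}

// Per-endpoint circuit breaker: closed -> open after failureThreshold failures or one
// permanent failure; open -> half-open after openMs, when a single probe is allowed.
class EndpointBreaker {
  constructor({ failureThreshold = 3, openMs = 60_000, now = Date.now } = {}) {
    Object.assign(this, { failureThreshold, openMs, now, entries: new Map() });
  }
  entry(url) {
    if (!this.entries.has(url)) this.entries.set(url, { failures: 0, openedAt: null });
    return this.entries.get(url);
  }
  state(url) {
    const e = this.entry(url);
    if (e.openedAt === null) return 'closed';
    return this.now() - e.openedAt >= this.openMs ? 'half-open' : 'open';
  }
  canAttempt(url) { return this.state(url) !== 'open'; }
  recordSuccess(url) { this.entries.set(url, { failures: 0, openedAt: null }); }
  recordFailure(url, kind) {
    const e = this.entry(url);
    const wasHalfOpen = this.state(url) === 'half-open';
    e.failures += 1;
    if (kind === 'permanent' || wasHalfOpen || e.failures >= this.failureThreshold) e.openedAt = this.now();
  }
}
const defaultBreaker = new EndpointBreaker();

// Default sender for real use: Node 18+ global fetch (undici-based).
async function fetchSend(url, payload) {
  const res = await fetch(url, { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify(payload) });
  return { statusCode: res.status };
}

async function deliverWebhook(url, payload, opts = {}) {
  const { send = fetchSend, breaker = defaultBreaker, maxAttempts = 3, baseDelayMs = 500,
          sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = opts;
  if (!breaker.canAttempt(url)) return { ok: false, reason: 'circuit-open', attempts: 0 };
  for (let attempt = 1; attempt <= maxAttempts; attempt += 1) {
    try {
      const res = await send(url, payload);
      if (res.statusCode >= 200 && res.statusCode < 300) {
        breaker.recordSuccess(url);
        return { ok: true, attempts: attempt };
      }
      throw Object.assign(new Error('HTTP ' + res.statusCode), { statusCode: res.statusCode });
    } catch (err) {
      const kind = classifyFailure(err);
      breaker.recordFailure(url, kind);
      if (kind === 'permanent' || attempt === maxAttempts || !breaker.canAttempt(url)) {
        return { ok: false, reason: kind, attempts: attempt, code: errorCode(err) };
      }
      await sleep(baseDelayMs * 2 ** (attempt - 1)); // exponential backoff
    }
  }
}

// Constructed scenario with fake senders and a fake clock so it runs offline.
async function runDemo() {
  let clock = 1_000_000;
  const breaker = new EndpointBreaker({ failureThreshold: 3, openMs: 60_000, now: () => clock });
  const sleep = async (ms) => { clock += ms; };
  const calls = { bad: 0, flaky: 0 };
  const badUrl = 'https://hook.invalid/bad-cert'; // attacker-controlled, self-signed cert
  const flakyUrl = 'https://hook.invalid/flaky';  // resets twice, then accepts
  const badCertSend = async () => {
    calls.bad += 1;
    const err = new TypeError('fetch failed');
    err.cause = Object.assign(new Error('self signed certificate'), { code: 'DEPTH_ZERO_SELF_SIGNED_CERT' });
    throw err;
  };
  const flakySend = async () => {
    calls.flaky += 1;
    if (calls.flaky < 3) throw Object.assign(new Error('socket hang up'), { code: 'ECONNRESET' });
    return { statusCode: 200 };
  };
  const first = await deliverWebhook(badUrl, { event: 'ping' }, { send: badCertSend, breaker, sleep });
  const second = await deliverWebhook(badUrl, { event: 'ping' }, { send: badCertSend, breaker, sleep });
  const third = await deliverWebhook(flakyUrl, { event: 'ping' }, { send: flakySend, breaker, sleep });
  return { first, second, third, calls, badState: breaker.state(badUrl) };
}
```

In the constructed scenario the bad-certificate endpoint is contacted exactly once: the first delivery returns after a single attempt with reason `permanent`, the breaker opens for that URL, and the second delivery is refused without touching the network, which is what removes the "call the webhook repeatedly" precondition of the CVE. The flaky endpoint still gets bounded retries with backoff and succeeds on the third attempt. Keying the breaker on the full URL is deliberate: an attacker who can register many hooks on the same host should not be able to share one healthy counter across them.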


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-05-05T16:53:10.373Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0f91484d88663aebeb9

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/12/2025, 12:02:40 AM

Last updated: 8/12/2025, 2:29:14 AM

