This advisory covers a security update for the Node.js 20 module on Red Hat Enterprise Linux 9.6 Extended Update Support. It addresses several vulnerabilities: a denial of service vulnerability (CVE-2025-59465), an uninitialized memory exposure (CVE-2025-55131), and a file permissions bypass (CVE-2025-55130). These vulnerabilities could impact the security of applications built on Node.js by allowing denial of service conditions, exposure of sensitive memory contents, or bypassing file permission controls. The update is classified as important by Red Hat Product Security. The advisory includes fixes for these issues and references additional CVEs related to Node.js. The affected products include multiple architectures and variants of Red Hat Enterprise Linux 9.6. The vendor advisory provides updated packages and remediation instructions.

The vulnerabilities addressed include denial of service, uninitialized memory exposure, and file permissions bypass in Node.js 20 on Red Hat Enterprise Linux 9.6. These issues could allow attackers to disrupt service availability, access sensitive memory contents, or bypass file permission restrictions, potentially compromising application security. The overall security impact is rated as important by Red Hat, indicating a high severity level that could affect system stability and confidentiality if exploited.

Red Hat has released updated Node.js 20 packages for Red Hat Enterprise Linux 9.6 Extended Update Support that fix the identified vulnerabilities. Users should apply these official updates promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor advisory.