Red Hat Security Advisory: nodejs:22 security update
This advisory addresses two security vulnerabilities affecting Node. js as packaged in Red Hat Enterprise Linux 9. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow vulnerability in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. An update to the nodejs:22 module is available to remediate these issues. The advisory provides detailed instructions for applying the update to affected Red Hat Enterprise Linux 9 systems.
AI Analysis
Technical Summary
Red Hat has issued a security update for the nodejs:22 module in Red Hat Enterprise Linux 9 to address two vulnerabilities: a use-after-free in the c-ares library's read_answers() function (CVE-2025-31498) and an integer overflow in SQLite (CVE-2025-3277). These vulnerabilities could potentially lead to memory corruption issues. The update is classified as important by Red Hat and affects multiple architectures and extended update support versions of Red Hat Enterprise Linux 9. The advisory references Red Hat's official errata RHSA-2025:7433 and provides links for applying the update.
Potential Impact
The vulnerabilities involve memory corruption issues—a use-after-free and an integer overflow—which can lead to instability or potentially allow an attacker to execute arbitrary code or cause denial of service. Red Hat rates the security impact as important (high severity). There are no known exploits in the wild at the time of the advisory. The vulnerabilities affect Node.js as packaged in Red Hat Enterprise Linux 9 across various supported architectures and update streams.
Mitigation Recommendations
Red Hat has released an official security update for the nodejs:22 module in Red Hat Enterprise Linux 9 that addresses these vulnerabilities. Users should apply the update as detailed in Red Hat advisory RHSA-2025:7433 and the referenced article https://access.redhat.com/articles/11258. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: nodejs:22 security update
Description
This advisory addresses two security vulnerabilities affecting Node. js as packaged in Red Hat Enterprise Linux 9. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow vulnerability in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. An update to the nodejs:22 module is available to remediate these issues. The advisory provides detailed instructions for applying the update to affected Red Hat Enterprise Linux 9 systems.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat has issued a security update for the nodejs:22 module in Red Hat Enterprise Linux 9 to address two vulnerabilities: a use-after-free in the c-ares library's read_answers() function (CVE-2025-31498) and an integer overflow in SQLite (CVE-2025-3277). These vulnerabilities could potentially lead to memory corruption issues. The update is classified as important by Red Hat and affects multiple architectures and extended update support versions of Red Hat Enterprise Linux 9. The advisory references Red Hat's official errata RHSA-2025:7433 and provides links for applying the update.
Potential Impact
The vulnerabilities involve memory corruption issues—a use-after-free and an integer overflow—which can lead to instability or potentially allow an attacker to execute arbitrary code or cause denial of service. Red Hat rates the security impact as important (high severity). There are no known exploits in the wild at the time of the advisory. The vulnerabilities affect Node.js as packaged in Red Hat Enterprise Linux 9 across various supported architectures and update streams.
Mitigation Recommendations
Red Hat has released an official security update for the nodejs:22 module in Red Hat Enterprise Linux 9 that addresses these vulnerabilities. Users should apply the update as detailed in Red Hat advisory RHSA-2025:7433 and the referenced article https://access.redhat.com/articles/11258. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:7433
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-31498"]
- Cvss Version
- null
Threat ID: 6a1f4e89e29bf47b500832eb
Added to database: 6/2/2026, 9:43:37 PM
Last enriched: 6/2/2026, 10:17:30 PM
Last updated: 6/3/2026, 5:03:41 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.