Red Hat Security Advisory: nodejs:22 security update
This advisory addresses two security vulnerabilities in Node. js 22 as packaged for Red Hat Enterprise Linux 8. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. The update rebases Node. js 22 to the latest release to include these fixes. No CVSS score is provided in the advisory, but the severity is considered important by Red Hat. The advisory includes instructions for applying the update to affected Red Hat Enterprise Linux 8 versions. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
Red Hat Product Security released an important security update for the Node.js 22 module on Red Hat Enterprise Linux 8 addressing two vulnerabilities: a use-after-free in the c-ares library's read_answers() function (CVE-2025-31498) and an integer overflow in SQLite (CVE-2025-3277). These issues could potentially lead to memory corruption or other impacts associated with these classes of vulnerabilities (CWE-416 and CWE-122). The update rebases Node.js 22 to the latest upstream release containing these fixes. The advisory does not provide a CVSS score but rates the impact as important (high). The update is available for multiple architectures and Red Hat Enterprise Linux 8 variants. No exploits are currently known in the wild.
Potential Impact
The vulnerabilities include a use-after-free in c-ares and an integer overflow in SQLite, both components used by Node.js. These could lead to memory corruption issues, potentially allowing attackers to cause crashes or execute arbitrary code depending on the context. Red Hat rates the security impact as important (high severity). No known exploits are reported at this time.
Mitigation Recommendations
Red Hat has released an updated Node.js 22 module package for Red Hat Enterprise Linux 8 that includes fixes for these vulnerabilities. Users should apply the update as described in the Red Hat advisory (RHSA-2025:4459) and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Since this is an official fix from Red Hat, applying the update is the recommended mitigation. No additional vendor mitigation instructions or temporary workarounds are provided.
Red Hat Security Advisory: nodejs:22 security update
Description
This advisory addresses two security vulnerabilities in Node. js 22 as packaged for Red Hat Enterprise Linux 8. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. The update rebases Node. js 22 to the latest release to include these fixes. No CVSS score is provided in the advisory, but the severity is considered important by Red Hat. The advisory includes instructions for applying the update to affected Red Hat Enterprise Linux 8 versions. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security released an important security update for the Node.js 22 module on Red Hat Enterprise Linux 8 addressing two vulnerabilities: a use-after-free in the c-ares library's read_answers() function (CVE-2025-31498) and an integer overflow in SQLite (CVE-2025-3277). These issues could potentially lead to memory corruption or other impacts associated with these classes of vulnerabilities (CWE-416 and CWE-122). The update rebases Node.js 22 to the latest upstream release containing these fixes. The advisory does not provide a CVSS score but rates the impact as important (high). The update is available for multiple architectures and Red Hat Enterprise Linux 8 variants. No exploits are currently known in the wild.
Potential Impact
The vulnerabilities include a use-after-free in c-ares and an integer overflow in SQLite, both components used by Node.js. These could lead to memory corruption issues, potentially allowing attackers to cause crashes or execute arbitrary code depending on the context. Red Hat rates the security impact as important (high severity). No known exploits are reported at this time.
Mitigation Recommendations
Red Hat has released an updated Node.js 22 module package for Red Hat Enterprise Linux 8 that includes fixes for these vulnerabilities. Users should apply the update as described in the Red Hat advisory (RHSA-2025:4459) and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Since this is an official fix from Red Hat, applying the update is the recommended mitigation. No additional vendor mitigation instructions or temporary workarounds are provided.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4459
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-31498"]
- Cvss Version
- null
Threat ID: 6a1f4e89e29bf47b50083567
Added to database: 6/2/2026, 9:43:37 PM
Last enriched: 6/2/2026, 10:17:51 PM
Last updated: 6/3/2026, 5:02:45 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.