{"id":"CVE-2025-23166","details":"The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.","aliases":["BIT-node-2025-23166","BIT-node-min-2025-23166"],"modified":"2026-03-23T05:02:23.246674916Z","published":"2025-05-19T02:15:17Z","related":["ALSA-2025:8467","ALSA-2025:8468","ALSA-2025:8493","ALSA-2025:8506","ALSA-2025:8514","CGA-vv7x-rh59-x526","MGASA-2025-0161","SUSE-SU-2025:01878-1","SUSE-SU-2025:01879-1","SUSE-SU-2025:02039-1","SUSE-SU-2025:02045-1","openSUSE-SU-2025:15250-1","openSUSE-SU-2025:15802-1"],"references":[{"type":"ARTICLE","url":"https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"}],"schema_version":"1.7.3"}