CVE-2025-59436

Published September 16th, 2025

View on NVD ↗

CVSS v3

3.2

LOW

CVSS v2

N/A

Affected

PROJECT

Description

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.

indutny/node-ip

IP address tools for node.js

GitHub

1.54K