CVE-2025-59464
📋 TL;DR
A memory leak in Node.js's OpenSSL-backed TLS layer lets a remote peer cause denial of service through resource exhaustion. When an application calls socket.getPeerCertificate(true), the form that returns the full certificate chain via issuerCertificate, memory allocated for the TLS connection is not released, so process memory grows with every connection the peer opens. An attacker does not need to trigger the call directly: opening repeated TLS connections to a service that performs detailed certificate retrieval on each connection is enough. Any Node.js application that calls getPeerCertificate(true) on incoming or outgoing TLS connections is affected.
💻 Affected Systems
- Node.js
📦 What is this software?
Node.js, the server-side JavaScript runtime maintained by the Node.js project under the OpenJS Foundation. Its tls and https modules are implemented on top of OpenSSL, and the affected code is the native binding that exposes peer certificates to JavaScript.
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service due to memory exhaustion, causing application crashes and service unavailability.
Likely Case
Gradual performance degradation and eventual service disruption requiring restarts.
If Mitigated
Bounded impact: with per-source connection rate limiting, alerting on sustained memory growth and a restart policy in place, the effect is limited to occasional (ideally rolling) restarts.
🎯 Exploit Status
Exploitation requires only the ability to open repeated TLS connections to a service that calls socket.getPeerCertificate(true) on each connection; any TLS client can do that, so the bar for an attacker is trivial. The leak accumulates per connection, so the rate of exploitation is bounded only by how many handshakes the attacker can drive and by any connection limits the service enforces.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: December 2025 security releases (the specific version numbers for each supported release line are listed in the advisory)
Vendor Advisory: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Restart Required: Yes
Instructions:
1. Check the current Node.js version of every deployed service (node --version, or process.version from inside the application)
2. Update to the patched version for your release line from the December 2025 security releases
3. Restart all Node.js applications; the fix is in the runtime, so running processes keep the old code until restarted
4. Verify the fix is applied by confirming the running version and by watching memory during TLS connection churn
🔧 Temporary Workarounds
Avoid detailed certificate retrieval
Modify applications to call socket.getPeerCertificate() without the detailed parameter, or with it set to false. The detailed form exists only to return the issuer chain; code that needs just the leaf certificate's subject, fingerprint or validity dates gets everything it needs from the non-detailed call.
// Change from: socket.getPeerCertificate(true)
// To: socket.getPeerCertificate() or socket.getPeerCertificate(false)
Connection rate limiting
Implement per-source rate limiting on TLS connections to slow the rate at which leaked memory accumulates. This does not stop the leak; it only lengthens the time until memory is exhausted, so pair it with memory monitoring.
🧯 If You Can't Patch
- Implement per-source connection rate limiting and alert on sustained memory growth; watch RSS and process.memoryUsage().external as well as heap, since a leak in the native TLS layer may not show up in heap statistics
- Schedule regular application restarts to release the accumulated memory, rolling them behind a load balancer so the restarts themselves do not cause an outage
🔍 How to Verify
Check if Vulnerable:
Check whether application code, or any dependency under node_modules, calls socket.getPeerCertificate(true) (or passes a variable that can be true), and whether the process runs on an affected Node.js version. The leak is triggered wherever the call happens, so library code counts.
Check Version:
node --version
Verify Fix Applied:
Confirm that the running version (process.version, not just the binary on disk) is at or above the fixed release for its line from the December 2025 security releases, then drive a burst of TLS connections against the service and confirm memory returns to baseline afterwards.
📡 Detection & Monitoring
Log Indicators:
- Sustained memory growth that does not return to baseline after garbage collection; track RSS and process.memoryUsage().external as well as heapUsed, since a leak in the native TLS layer may not appear in heap metrics
- Frequent garbage collection events or rising GC pause times without a matching rise in request volume
- Application restarts or container OOM kills attributed to memory exhaustion
Network Indicators:
- High volume of short-lived TLS connections from single sources
- Connection patterns designed to trigger certificate retrieval
SIEM Query:
source="nodejs" AND ("memory" OR "heap") AND ("growth" OR "exhaustion" OR "OOM")
(illustrative pattern; adapt the field names and index to your platform and correlate hits with the TLS connection rate from the same host)
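The "unusual memory growth" indicator above, and the memory-growth monitoring suggested under If You Can't Patch, as detection logic; this is an added example, not from the advisory or the Node.js project. A leak shows as growth that survives garbage collection, so the detector requires both that most consecutive samples rise and that the fitted slope over the window exceeds a threshold; a healthy process whose memory sawtooths around a level fails both. Window size, slope threshold and the sample series in the test are assumptions.

```javascript
// Added example, not from the advisory or the Node.js project: a trend detector
// for periodic memory samples. Window size, slope threshold and the sampled metric
// are assumptions; tune them to the service's normal footprint.

// Least-squares slope of `values` against their index, in bytes per sample.
function slope(values) {
  const n = values.length;
  const meanX = (n - 1) / 2;
  const meanY = values.reduce((s, v) => s + v, 0) / n;
  let num = 0;
  let den = 0;
  values.forEach((y, x) => {
    num += (x - meanX) * (y - meanY);
    den += (x - meanX) ** 2;
  });
  return den === 0 ? 0 : num / den;
}

// A leak shows as growth that survives garbage collection: most steps rise and the
// fitted slope is large. A healthy heap sawtooths around a level and fails the test.
function analyseWindow(samples, { minSlope, minRisingFraction }) {
  if (samples.length < 2) return null;
  let rising = 0;
  for (let i = 1; i < samples.length; i++) if (samples[i] > samples[i - 1]) rising += 1;
  const risingFraction = rising / (samples.length - 1);
  const s = slope(samples);
  if (risingFraction >= minRisingFraction && s >= minSlope) {
    return { slopeBytesPerSample: s, risingFraction, last: samples[samples.length - 1] };
  }
  return null;
}

class MemoryTrendMonitor {
  constructor({ windowSize = 12, minSlope = 4 * 1024 * 1024, minRisingFraction = 0.8, onAlert = null } = {}) {
    this.windowSize = windowSize;
    this.minSlope = minSlope;
    this.minRisingFraction = minRisingFraction;
    this.onAlert = onAlert;
    this.samples = [];
  }

  // Feed one sample; returns an alert object once the trailing window looks like a leak.
  record(bytes) {
    this.samples.push(bytes);
    if (this.samples.length > this.windowSize) this.samples.shift();
    if (this.samples.length < this.windowSize) return null;
    const alert = analyseWindow(this.samples, this);
    if (alert && this.onAlert) this.onAlert(alert);
    return alert;
  }
}

// Samples RSS rather than only the JS heap: a leak in the native TLS layer would
// not appear in heapUsed. Logging `external` alongside helps for the same reason.
function startMemoryMonitor(intervalMs = 60_000, opts = {}) {
  const monitor = new MemoryTrendMonitor({
    onAlert: (a) =>
      console.error(`memory trend alert: +${Math.round(a.slopeBytesPerSample / 1024)} KiB/sample, rss=${a.last}`),
    ...opts,
  });
  const timer = setInterval(() => monitor.record(process.memoryUsage().rss), intervalMs);
  timer.unref(); // do not keep the process alive just for monitoring
  return monitor;
}
```

With a one-minute interval and a twelve-sample window the detector needs twelve minutes of data before it can fire, which is deliberate: a single post-deploy warm-up or one large response buffer should not page anyone. Feed the same function from your metrics pipeline if you would rather alert centrally than in-process.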