cve 2025 58754

About this tag
CVE-2025-58754 is a denial-of-service vulnerability in Axios, a popular HTTP client for JavaScript. The flaw affects Axios's Node.js adapter, which can decode arbitrarily large data URIs into memory, bypassing configured size limits. This allows attackers to crash processes by sending oversized data URIs. The vulnerability has been fixed in Axios versions 1.12.0 and 0.30.2. Users are advised to upgrade to these versions to mitigate the risk. The issue is particularly critical for applications that forward untrusted URLs to Axios, as it can lead to process crashes and service disruption.
  1. CVE-2025-58754: Axios Data URI DoS and How to Safely Upgrade

    Axios’s Node.js adapter will happily decode arbitrarily large data: URIs into memory, bypassing configured size limits and giving attackers an easy way to crash processes — a denial‑of‑service weakness tracked as CVE‑2025‑58754 that has been fixed in recent releases but remains a high‑risk issue...