Open
Labels
- bug: Something isn't working
- ui-dashboard: Issues related to the LiteLLM UI Dashboard
Description
Check for existing issues
- I have searched the existing issues and checked that my issue is not a duplicate.
What happened?
Detected CVE-2025-55130 during a Prisma security scan of the Docker image. The report indicates that Node.js needs to be updated to resolve this.
Steps to Reproduce
Run prisma.
Relevant log output
+------------------+----------+------+-----------+---------+---------------------------------------+-----------+------------+----------------------------------------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
+------------------+----------+------+-----------+---------+---------------------------------------+-----------+------------+----------------------------------------------------+
| CVE-2025-55130 | critical | 9.10 | node | 24.12.0 | fixed in 25.3.0, 24.13.0, 22.22.0,... | 33 days | < 1 hour | A flaw in Node.js’s Permissions model allows |
| | | | | | 19 days ago | | | attackers to bypass `--allow-fs-read` and |
| | | | | | | | | `--allow-fs-write` restrictions using crafted |
| | | | | | | | | relative symlin... |
+------------------+----------+------+-----------+---------+---------------------------------------+-----------+------------+----------------------------------------------------+
What part of LiteLLM is this about?
UI Dashboard
What LiteLLM version are you on?
ghcr.io/berriai/litellm-database:main-v1.81.12-stable
Twitter / LinkedIn details
No response