-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with updated versions of NodeJS 18, NodeJS 20, and NodeJS 22. This release addresses vulnerabilities related to CVE-2025-23083, CVE-2025-23084, and CVE-2025-23085. We strongly encourage all NodeJS 18 users to update to version 18.20.6, all NodeJS 22 users to update to version 22.13.1 and all NodeJS 20 users to update to version 20.18.2.

 
AFFECTED VERSIONS
All versions of NodeJS 18 through 18.20.5
All versions of NodeJS 20 through 20.18.1.
All versions of NodeJS 22 through 22.13.0.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:


CVE-2025-23083 - MEDIUM
NodeJS 20
Fixed vulnerability related to CVE-2025-23083

NodeJS 22
Fixed vulnerability related to CVE-2025-23083


CVE-2025-23084 - MEDIUM
NodeJS 18
Fixed vulnerability related to CVE-2025-23084

NodeJS 20
Fixed vulnerability related to CVE-2025-23084

NodeJS 22
Fixed vulnerability related to CVE-2025-23084

CVE-2025-23085 - MEDIUM
NodeJS 18
Fixed vulnerability related to CVE-2025-23085

NodeJS 20
Fixed vulnerability related to CVE-2025-23085

NodeJS 22
Fixed vulnerability related to CVE-2025-23085


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 25.4 on January 29, 2025, with NodeJS versions 18.20.6, 20.18.2 and 22.13.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-23083
https://www.cve.org/CVERecord?id=CVE-2025-23084
https://www.cve.org/CVERecord?id=CVE-2025-23085
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.13.1
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmeajRQACgkQlSG+3KvZ
Td/87BAAlVI5Z0yjoCouIlN52qKWP8vJ8Smwg4XRl/TRBIUdmswd2+xjojrpNa7C
i0VxG85nlmLwtDy4Yj7DDtCyuxj10C1gbPpSQCb0xxRuNAugvjNee7BvP1tGLKNi
BWHs9HBzJqUng4AkITgRqwpMWThuBMHOL93Ymm7X/42vcXb8Sa+QpaHykpfvOInv
WgRd1izi9IsOwZdhlJIPOfuCSw0TJmpSHDK+u2xRD6tYtrd6iPtcgMjRz51Y8eia
zgsptwvQXtJs0wlN0vLczY1rp2KR1QQWIuo6Kg0hoaQeSgzQHjBzGWUpmLyWTRxW
btGhJf/CGXRateEYLsTuOIzGMndkFOpKQK/RHFLdyEgxAojlMb+IVztgnKHr98XF
0zJjTQxn1M0822eR06KeBhhvkwb/jd/YZb69DnS0MazxRztt9pnRntVc3/hmc9Xp
v9egN9La3CJhf++WkeNbAvgexrMhrVYHEsi355hGMGp+Y0qlvz/k2zIA0jkCVOID
Yt/uK0oBlIbKORHCceNRHwJ8MCFq1E3aTSSFl9uhAk/8mK8nSUEE2fTLLXbMRDOI
FeaanIR6pAinapF/9A/diVAbXMeH6XXeGZGv/xEceReGI343vCTg3oSvczbDEdfD
P/vVFNoGsZOr+IcSH1oZN9lFfolqL7h2IWDP2i4Yixc6UewB4kI=
=dp6S
-----END PGP SIGNATURE-----