-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with a updated versions of NodeJS 20 and NodeJS 22. This release addresses vulnerabilities related to CVE-2025-23166, CVE-2025-23167, CVE-2025-23165, and CVE-2023-49582. We strongly encourage all NodeJS 20 users update to version 20.19.2 and all NodeJS 22 users to update to version 22.15.1.

 
AFFECTED VERSIONS
All versions of NodeJS 20 through 20.19.1.
All versions of NodeJS 22 through 22.15.0.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-23166 - HIGH
NodeJS 20.19.2
Fixed vulnerability related to CVE-2025-23166.

NodeJS 22.15.1
Fixed vulnerability related to CVE-2025-23166.


CVE-2025-23165 - LOW
NodeJS 20.19.2
Fixed vulnerability related to CVE-2025-23165.

NodeJS 22.15.1
Fixed vulnerability related to CVE-2025-23165.


CVE-2025-23167 - MEDIUM
NodeJS 20.19.2
Fixed vulnerability related to CVE-2025-23167.



SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 25.16 on 2025 May 21, with NodeJS 20 version 20.19.2 and NodeJS 22 version 22.15.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-23166
https://www.cve.org/CVERecord?id=CVE-2025-23165
https://www.cve.org/CVERecord?id=CVE-2025-23167
https://github.com/nodejs/node/releases/tag/v20.19.2
https://github.com/nodejs/node/releases/tag/v22.15.1

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmguCbcACgkQlSG+3KvZ
Td9PRxAAxEkiS4RZqk7IE4j7f7jZQI/oGYNrwj8KlNeUiR5taclbszFYID7jgmIp
FTTo2yBfFTLSy1DGj/F3+vYZP4WyxDfCxmTYUDMAjnvADVvTM13ZgREBEP8HN3cw
8kKaulsX6axoHEZS4Be/yW62yoC1srXSSeD46JrGCPAnAABoqzLzgr3fM1f+Ztj0
O83wBY1bdrmRVcMnoAlag5Vh6I9cPoqJOv+O8EU+U7RtsvRhhQAQ78YWYq6Iu9sg
okx5FSXz5wRkxrN/epuPlsRjcY5k5EzH189RuZi78huKIaBuTNbE7KZYAYBtjESC
rkdYE4sA/I64qxNUKn3XT7tv8vJNtCKE+4zQpXIa841c6GCtJI2C/wTumx2yIErI
VvShtWYisz6sSUfEoZvd9trDsk5fr9RtT9SFWrS84uHhQ8dswEGVaamWej76+DAN
QGLsgaQas0vLttNrMKDWtjOMtpY0JAvMOFTV3iNy9/Bb6DH8r53cZ5Dk9yraP1Ab
0eXaD9fZTMqTKkxMZnCGkxaTMFYQLWmhTQHn+H4J5NRchIJPPVVmM4WoIiu1Lyq2
w43csALAJslaLLYB6XYPnI0znENv0USl7iBcN3fZmRBJzgIRVRQHUToUx4ml7CVt
ibCFwxVWfmRl0WzZQiH1ThyV2YUC0/eitz8obEhOy29l1BbR+OI=
=hUQ0
-----END PGP SIGNATURE-----