CVE-2025-53620: Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests

July 9, 2025

Possibility to craft a request that will crash the Qwik Server in the default configuration.

References

github.com/QwikDev/qwik
github.com/QwikDev/qwik/pull/7342
github.com/QwikDev/qwik/releases/tag/%40builder.io%2Fqwik%401.13.0
github.com/QwikDev/qwik/security/advisories/GHSA-qr9h-j6xg-2j72
github.com/advisories/GHSA-qr9h-j6xg-2j72
nvd.nist.gov/vuln/detail/CVE-2025-53620

Code Behaviors & Features

Detect and mitigate CVE-2025-53620 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →