CVE-2025-54134: HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service

July 21, 2025

The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints.

References

github.com/advisories/GHSA-pjj3-j5j6-qj27
github.com/haxtheweb/haxcms-nodejs
github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34
github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27
nvd.nist.gov/vuln/detail/CVE-2025-54134

Code Behaviors & Features

Detect and mitigate CVE-2025-54134 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →