CVE-2025-54134: HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service
The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints.
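One way to keep a missing parameter from turning into a crash, shown as an added example that is not the HAX CMS project's code. The handler, the `siteName` parameter, the mock objects and the Express-style `(req, res, next)` shape are all assumptions made for illustration.

```javascript
// Added example: handler, parameter and helper names are hypothetical, not from HAX CMS.
// Fragile pattern: assumes the query parameter is always present.
function listFilesFragile(req, res) {
  const site = req.query.siteName.trim(); // TypeError when siteName is absent
  res.status(200).json({ site, files: [] });
}

// Guard 1: reject requests missing required parameters with a 400.
// Non-string values (arrays or objects from query parsing) are rejected too.
function requireParams(names) {
  return function (req, res, next) {
    const query = req.query || {};
    const missing = names.filter((n) => typeof query[n] !== 'string' || query[n].trim() === '');
    if (missing.length) return res.status(400).json({ error: 'missing required parameter', missing });
    next();
  };
}

// Guard 2: turn a synchronous throw or a rejected promise into a 500
// response so one bad request cannot take the process down.
function safeHandler(handler) {
  return function (req, res) {
    const fail = () => { if (!res.headersSent) res.status(500).json({ error: 'internal error' }); };
    try {
      const out = handler(req, res);
      if (out && typeof out.catch === 'function') out.catch(fail);
    } catch (err) {
      fail();
    }
  };
}

// Constructed stand-ins for a response object and a middleware chain.
function mockRes() {
  return {
    statusCode: null, body: null, headersSent: false,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; this.headersSent = true; return this; },
  };
}
function dispatch(chain, req) {
  const res = mockRes();
  let i = 0;
  const next = () => { const fn = chain[i++]; if (fn) fn(req, res, next); };
  next();
  return res;
}
```

With both guards in the chain, a request without the parameter gets a 400 and never reaches the handler; the wrapper alone still converts the exception into a 500 rather than letting it propagate.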
References
- github.com/advisories/GHSA-pjj3-j5j6-qj27
- github.com/haxtheweb/haxcms-nodejs
- github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js
- github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js
- github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34
- github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27
- nvd.nist.gov/vuln/detail/CVE-2025-54134