Node.js has released critical security updates for versions 25.8.2, 24.14.1 LTS, and 22.22.2 LTS, addressing several high-severity vulnerabilities that could lead to permission bypasses and potential crashes. The updates include fixes for seven distinct CVEs, focusing on improving security in file system operations and preventing side-channel attacks during TLS handshakes. Developers are urged to update immediately using version managers to ensure their applications are secure before deploying to production. It's recommended to test the new runtime in a staging environment and check for outdated dependencies before going live with the patched binaries

Node.js 25.8.2, 24.14.1 LTS, and 22.22.2 LTS released

Node.js has pushed out a critical security update for versions 25, 24, and 22 that patches several high-severity vulnerabilities. These fixes address dangerous issues like permission bypasses in file system operations and potential crashes during TLS handshakes or URL parsing. Ignoring this patch leaves applications exposed to side-channel attacks that could leak secrets or allow unauthorized access to local resources. Teams should switch to the new binaries immediately using their preferred version manager before deploying to production environments.

Node.js 25.8.2, 24.14.1 LTS, and 22.22.2 LTS released @ Linux Compatible