A vulnerability in the Axios HTTP client (CVE-2025-58754) allows attackers to trigger denial-of-service in Node.js applications by exploiting unbounded memory allocation when decoding `data:` URIs. This flaw bypasses existing safeguards and can cause out-of-memory crashes with a single crafted request. Upgrading to Axios version 1.12.0 is strongly recommended.
Latest mentioned: 09-12
Earliest mentioned: 09-12
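
A pre-request guard for the issue summarized above, as an added example that is not Axios code and not part of the original advisory: it bounds the decoded size of a `data:` URI from the string alone and rejects oversized ones before the URL reaches the HTTP client. The function names and the 64 KiB limit are assumptions chosen for illustration; it complements the upgrade and does not replace it.

```javascript
// Added example: reject oversized data: URIs before handing a URL to an HTTP client.
// MAX_DATA_URI_BYTES is an assumed policy value, not something Axios defines.
const MAX_DATA_URI_BYTES = 64 * 1024;

// Returns an upper bound on the decoded payload size of a data: URI,
// or null when the input is not a data: URI. Nothing is decoded here.
function estimateDataUriBytes(url) {
  if (typeof url !== 'string') return null;
  const s = url.trimStart();            // URL parsers ignore leading whitespace
  if (!/^data:/i.test(s)) return null;  // the scheme is case-insensitive
  const comma = s.indexOf(',');
  if (comma === -1) return 0;           // malformed: no payload separator
  const header = s.slice(5, comma).trim();
  const payload = s.slice(comma + 1);
  if (/;base64$/i.test(header)) {
    // Every 4 base64 characters decode to at most 3 bytes.
    return Math.ceil(payload.length / 4) * 3;
  }
  // Percent-encoded text never decodes to more bytes than its UTF-8 length.
  return Buffer.byteLength(payload, 'utf8');
}

// Throws before the request is made if the URL would decode to too much memory.
function assertSafeUrl(url, maxBytes = MAX_DATA_URI_BYTES) {
  const size = estimateDataUriBytes(url);
  if (size !== null && size > maxBytes) {
    throw new RangeError(
      `data: URI payload (up to ${size} bytes) exceeds limit of ${maxBytes} bytes`
    );
  }
  return url;
}
```

Call `assertSafeUrl(url)` on any URL that originates from untrusted input, at the point where it would otherwise be passed to the client.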