CVE-2025-23084
MEDIUM
Node.js 18.0-18.20.6 - Path Traversal in Windows Drive Name Handling
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-23084. PoCs published by AikidoSec.
AI-analyzed exploit summary: This repository contains functional exploit PoCs for multiple CVEs, including a JavaScript injection vulnerability (AIKIDO-2026-10165) and a path traversal vulnerability (CVE-2014-3744). The PoCs demonstrate the vulnerabilities and validate that the Aikido Zen Firewall blocks them.
Description
A vulnerability has been identified in Node.js in the handling of drive names on Windows. Certain Node.js functions do not treat drive names as special on Windows. As a result, a path that Node.js assumes to be relative can actually refer to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of the `path.join` API.
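An application-side guard for the case described above, as an added example that is not taken from the advisory or from Node.js itself: it rejects untrusted input containing a drive name before joining, then checks containment on the resolved path. The helper name `safeJoinWin32`, the base directory and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: defensive joining of untrusted input under Windows path rules.
// path.win32 is used so the check behaves the same on any host OS.
const path = require('node:path');

// A Windows drive designator at the start of a segment, e.g. "C:" or "d:foo".
const DRIVE_PREFIX = /^[A-Za-z]:/;

// Hypothetical helper: returns the resolved path under baseDir,
// or null when userPath must be rejected.
function safeJoinWin32(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) return null;

  // Rooted input ("\Windows", "\\server\share") is not a relative path.
  if (/^[\\/]/.test(userPath)) return null;

  // Windows accepts both separators, so split on either one.
  const segments = userPath.split(/[\\/]+/);

  // Reject a drive designator in ANY segment, not only the first:
  // normalization can move a later segment to the front of the result.
  if (segments.some((s) => DRIVE_PREFIX.test(s))) return null;

  const base = path.win32.resolve(baseDir);
  const target = path.win32.resolve(base, userPath);

  // Containment check on the fully resolved path (case-insensitive,
  // matching the default behaviour of Windows file systems).
  const lowBase = base.toLowerCase();
  const lowTarget = target.toLowerCase();
  const prefix = lowBase.endsWith('\\') ? lowBase : lowBase + '\\';
  if (lowTarget !== lowBase && !lowTarget.startsWith(prefix)) return null;

  return target;
}

// Constructed sample inputs, with an assumed upload directory.
const BASE = 'C:\\app\\uploads';
for (const input of ['reports\\q1.txt', 'C:..\\..\\Windows', 'tmp/../C:/Windows']) {
  console.log(JSON.stringify(input), '->', safeJoinWin32(BASE, input));
}
```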
Exploits (1)
References (3)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N