CVE-2025-58754 is a high-severity vulnerability affecting Axios, a promise-based HTTP client for the browser and Node.js. This vulnerability allows an attacker to supply a very large `data:` URI, causing the Axios process to allocate unbounded memory, leading to a potential denial-of-service (DoS) condition. The issue arises in versions 0.28.0 through 0.30.2 and 1.12.0, where the Node.js http adapter fails to enforce `maxContentLength` / `maxBodyLength` against `data:` URIs.
With a CVSS score of 7.5, the severity of this vulnerability is significant, especially as it allows attackers to crash the application by overwhelming it with large payloads. The exploitability of this vulnerability is classified as high, which necessitates immediate attention from organizations using Axios in their applications.
Organizations should prioritize patching immediately. The affected versions are 0.28.0 to 0.30.2 and 1.12.0, with the patches available in versions 0.30.2 and 1.12.0. Failure to address this vulnerability could result in significant operational disruptions.
The vulnerability was published on September 12, 2025, and has been modified since its release. Security teams are advised to assess their implementation of Axios and apply the necessary updates promptly.
Vulnerability Details
The official CVE description states that when Axios is given a URL with the `data:` scheme, it does not perform HTTP. Instead, it decodes the payload into memory and returns a synthetic 200 response without applying the `maxContentLength` / `maxBodyLength` limits that govern ordinary HTTP responses. A sufficiently large `data:` URI therefore exhausts process memory and crashes the application (DoS).
The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling): the size of the decoded input is never bounded. The CVSS score of 7.5 categorizes it as high severity, reflecting its impact on the availability of affected systems.
The affected product is Axios, with the vulnerability impacting versions 0.28.0 to 0.30.2 and 1.12.0. Organizations should ensure they update to at least version 0.30.2 or 1.12.0 to mitigate this risk.
Technical Analysis
The root cause of this vulnerability lies in the way Axios handles `data:` URIs. When such a URI is processed, the application does not enforce the `maxContentLength` and `maxBodyLength` parameters that are normally applied to HTTP responses. This oversight allows attackers to send extremely large payloads, which are decoded into memory without any limits.
The attack vector is network, the attack complexity is low, and no privileges or user interaction are required. The impact on availability is rated high because successful exploitation crashes the application and causes service downtime; confidentiality and integrity are not affected.
Risk & Impact Analysis
Risk to organizations includes significant operational disruption due to the potential for denial-of-service attacks. If vulnerabilities like this are exploited, the application's ability to serve requests can be severely impacted, leading to downtime and potentially lost revenue.
The blast radius for this vulnerability is broad, especially for organizations that rely heavily on Axios in their web applications or services. Given the increasing reliance on cloud-based services and microservices, the impact can scale quickly.
Organizations should assess their exposure to this vulnerability based on their use of Axios and prioritize patching according to their risk management protocols. Given the high CVSS score and exploitability, this vulnerability should be treated with urgency.
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions of Axios are 0.28.0 through 0.30.2 and 1.12.0. Organizations are advised to upgrade to at least version 0.30.2 or 1.12.0 to mitigate this vulnerability.
Mitigation & Remediation
To remediate this vulnerability, organizations should upgrade Axios to versions 0.30.2 or 1.12.0, which contain the necessary patches to enforce `maxContentLength` for `data:` URLs. If upgrading is not possible, organizations should implement strict input validation and limit the use of `data:` URIs.
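The compensating control described above (strict validation of `data:` URIs where upgrading is not yet possible), as an added example that is not Axios' own code: it computes the decoded size of a `data:` URI from its text alone and rejects it before anything is decoded into memory, shaped as a function that can be registered with `axios.interceptors.request.use`. The function and constant names are hypothetical; the `-1 = unlimited` convention follows Axios' `maxContentLength` semantics.

```javascript
// Added example, not part of the Axios project. Estimates how many bytes a
// data: URI will decode to, without decoding it, so the size check that the
// vulnerable Node adapter skipped can be applied before the request runs.

// data:[<mediatype>][;base64],<data>   (case-insensitive, body may span lines)
const DATA_URI_RE = /^data:([^,]*?)(;base64)?,(.*)$/is;

// Returns the decoded byte length of a data: URI, or null when `url` is not a
// data: URI (the caller then lets the request through unchanged).
// Unescaped text in non-base64 bodies is assumed to be ASCII.
function dataUriDecodedLength(url) {
  if (typeof url !== 'string') return null;
  const m = DATA_URI_RE.exec(url);
  if (!m) return null;
  const isBase64 = m[2] !== undefined;
  const body = m[3];
  if (isBase64) {
    // Four base64 symbols carry three bytes; '=' padding carries no data.
    const symbols = body.replace(/=+$/, '').length;
    return Math.floor((symbols * 3) / 4);
  }
  // Percent-encoded text: each %XX escape is three characters but one byte.
  const escapes = (body.match(/%[0-9a-fA-F]{2}/g) || []).length;
  return body.length - 2 * escapes;
}

// Builds a request-interceptor style guard. A per-request `maxContentLength`
// on the config overrides `defaultMax`; a negative value means "unlimited",
// matching Axios' own convention for that option.
function makeDataUriGuard(defaultMax) {
  return function guard(config) {
    const limit = config.maxContentLength !== undefined
      ? config.maxContentLength
      : defaultMax;
    if (limit === undefined || limit < 0) return config;
    const size = dataUriDecodedLength(config.url);
    if (size !== null && size > limit) {
      throw new Error(
        `data: URI would decode to ${size} bytes, exceeding maxContentLength=${limit}`
      );
    }
    return config;
  };
}
```

Register the guard with `axios.interceptors.request.use(makeDataUriGuard(2000))` so oversized `data:` URLs are rejected before the adapter ever sees them.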
Monitoring and logging should also be in place to detect unusual patterns that may indicate exploitation attempts. Regular security assessments and penetration testing help surface weaknesses in the application and validate the overall security posture.
Detection Guidance
Organizations should monitor logs for unusual input patterns involving `data:` URIs. Indicators of potential exploitation include unusually large payloads being processed by the Axios client and sudden anomalies in application performance, such as memory growth or process restarts, that may indicate exploitation in progress.
Because Axios performs no HTTP request for a `data:` URI, the payload does not appear as outbound traffic; detection must focus on the points where URLs enter the application (request parameters, configuration, fetched content) and on signatures for `data:` URIs with excessive payload sizes there. Security teams should also remain alert to any degradation in system performance that could indicate a denial-of-service attack.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-58754 highlights the critical nature of input validation in application security. This vulnerability serves as a reminder of the potential risks associated with improper handling of user-supplied data, especially in web applications.
As organizations increasingly rely on third-party libraries like Axios, it becomes essential to maintain updated software versions and conduct regular security assessments. This vulnerability exemplifies the importance of proactive security measures to prevent exploitation.
Security teams should learn from this vulnerability to reinforce their defensive strategies. Consider implementing robust security practices, including vulnerability management programs and regular penetration testing to identify and mitigate similar risks in the future.
Lastly, organizations should not overlook the value of continuous security assessments. By adopting a proactive security stance, organizations can significantly reduce their exposure to vulnerabilities like CVE-2025-58754.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.