Node.js patches mitigate async_hooks stack overflow DoS risk
Node.js released patches for a critical vulnerability where async_hooks can cause a stack-overflow DoS, with the runtime exiting on code 7 instead of a catchable error; it affects many apps and frameworks (including React Server Components and Next.js) and APMs, tracked as CVE-2025-59466 (CVSS 7.5). Updates are available in Node.js 20.20.0+, 22.22.0+, 24.13.0+, and 25.3.0, while older 8.x–18.x remain EOL. Upgrade promptly and apply stronger stack-space protections; other high-severity fixes were released too.