CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array.

CVSS v3 3.4 LOW

3.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cna.openjsf.org/security-advisories.html
https://github.com/expressjs/morgan/issues/315
https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867
https://github.com/jshttp/on-headers/issues/15
https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) on-headers es un middleware de Node.js que detecta cuándo una respuesta escribe encabezados. Un error en las versiones de on-headers anteriores a la 1.1.0 puede provocar que los encabezados de respuesta se modifiquen accidentalmente al pasar una matriz a `response.writeHead()`. Los usuarios deben actualizar a la versión 1.1.0 para recibir una corrección. Se recomienda encarecidamente actualizar a la versión 1.1.0, pero este problema se puede solucionar pasando un objeto a `response.writeHead()` en lugar de una matriz.

17 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-7339

Mitre link : CVE-2025-7339

CVE.ORG link : CVE-2025-7339

JSON object : View

Products Affected

No product.

CWE

CWE-241

Improper Handling of Unexpected Data Type

{"id": "CVE-2025-7339", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ce714d77-add3-4f53-aff5-83d477b104bb", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.8}]}, "published": "2025-07-17T16:15:35.403", "references": [{"url": "https://cna.openjsf.org/security-advisories.html", "source": "ce714d77-add3-4f53-aff5-83d477b104bb"}, {"url": "https://github.com/expressjs/morgan/issues/315", "source": "ce714d77-add3-4f53-aff5-83d477b104bb"}, {"url": "https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867", "source": "ce714d77-add3-4f53-aff5-83d477b104bb"}, {"url": "https://github.com/jshttp/on-headers/issues/15", "source": "ce714d77-add3-4f53-aff5-83d477b104bb"}, {"url": "https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q", "source": "ce714d77-add3-4f53-aff5-83d477b104bb"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "ce714d77-add3-4f53-aff5-83d477b104bb", "description": [{"lang": "en", "value": "CWE-241"}]}], "descriptions": [{"lang": "en", "value": "on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`.\u00a0Users should upgrade to version 1.1.0 to receive a patch.\u00a0Uses are strongly encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array."}, {"lang": "es", "value": "on-headers es un middleware de Node.js que detecta cu\u00e1ndo una respuesta escribe encabezados. Un error en las versiones de on-headers anteriores a la 1.1.0 puede provocar que los encabezados de respuesta se modifiquen accidentalmente al pasar una matriz a `response.writeHead()`. Los usuarios deben actualizar a la versi\u00f3n 1.1.0 para recibir una correcci\u00f3n. Se recomienda encarecidamente actualizar a la versi\u00f3n 1.1.0, pero este problema se puede solucionar pasando un objeto a `response.writeHead()` en lugar de una matriz."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "ce714d77-add3-4f53-aff5-83d477b104bb"}