A critical security vulnerability has been discovered in the popular Axios HTTP client library that allows attackers to crash Node.js applications through malicious data URL handling.
The flaw, tracked as CVE-2025-58754, affects all versions of Axios before 1.11.0 and has been assigned a CVSS 3.1 score of 7.5, indicating high severity.
Vulnerability Mechanics
https://gbhackers.com/axios-vulnerability/