{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-69211","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-12-29T15:00:11.973Z","datePublished":"2025-12-29T16:01:22.801Z","dateUpdated":"2025-12-29T16:50:02.429Z"},"containers":{"cna":{"title":"Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)","problemTypes":[{"descriptions":[{"cweId":"CWE-367","lang":"en","description":"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":6.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U","version":"4.0"}}],"references":[{"name":"https://github.com/nestjs/nest/security/advisories/GHSA-8wpr-639p-ccrj","tags":["x_refsource_CONFIRM"],"url":"https://github.com/nestjs/nest/security/advisories/GHSA-8wpr-639p-ccrj"},{"name":"https://github.com/nestjs/nest/commit/c4cedda15a05aafec1e6045b36b0335ab850e771","tags":["x_refsource_MISC"],"url":"https://github.com/nestjs/nest/commit/c4cedda15a05aafec1e6045b36b0335ab850e771"}],"affected":[{"vendor":"nestjs","product":"nest","versions":[{"version":"< 11.1.11","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-12-29T16:01:22.801Z"},"descriptions":[{"lang":"en","value":"Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` (via `MiddlewareConsumer`) for security checks (authentication, authorization, etc.), or through `app.use()`; and applies middleware to specific routes using string paths or controllers (e.g., `.forRoutes('admin')`). Exploitation can result in unauthenticated users accessing protected routes, restricted administrative endpoints becoming accessible to lower-privileged users, and/or middleware performing sanitization or validation being skipped. This issue is patched in `@nestjs/platform-fastify@11.1.11`."}],"source":{"advisory":"GHSA-8wpr-639p-ccrj","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-29T16:49:53.144372Z","id":"CVE-2025-69211","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-29T16:50:02.429Z"}}]}}