CVE Vulnerabilities

CVE-2025-53620

Uncaught Exception

Published: Jul 09, 2025 | Modified: Jul 09, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Vulnerability-free packages from our partners

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-53620
CWE	https://cwe.mitre.org/data/definitions/248.html

@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node JS to exit. This vulnerability is fixed in 1.13.0.

Weakness

An exception is thrown from a function, but it is not caught.

References

https://github.com/QwikDev/qwik/security/advisories/GHSA-qr9h-j6xg-2j72

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.