Description

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers would be stored within a Sentry organization as part of the associated trace. A person with access to the Sentry organization could then view and use these sensitive values to impersonate or escalate their privileges within the application. This issue has been patched in version 10.27.0.

INFO

Published Date :

2025-11-25T00:23:53.215Z

Last Modified :

2025-11-25T14:33:37.980Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65944 vulnerability.

Vendors Products
Getsentry
  • Sentry
Sentry
  • Sentry
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65944.

URL Resource
https://github.com/getsentry/sentry-javascript/commit/a820fa2891fdcf985b834a5b557edf351ec54539 cve-icon cve-icon
https://github.com/getsentry/sentry-javascript/pull/17475 cve-icon cve-icon
https://github.com/getsentry/sentry-javascript/releases/tag/10.11.0 cve-icon cve-icon
https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-6465-jgvq-jhgp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability