{"id":9408,"date":"2025-12-07T22:37:56","date_gmt":"2025-12-07T22:37:56","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=9408"},"modified":"2025-12-07T22:37:59","modified_gmt":"2025-12-07T22:37:59","slug":"advanced-hunting-to-find-node-versions-for-cve-2025-66478","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/advanced-hunting-to-find-node-versions-for-cve-2025-66478","title":{"rendered":"Advanced Hunting to find Node versions for CVE-2025-66478"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code class=\"\">DeviceProcessEvents\n| where Timestamp > ago(7d)\n| where FileName == \"node.exe\"  \/\/ Focus on Node.js binary\n| extend VersionParts = split(ProcessVersionInfoProductVersion, '.')\n| extend Major = toint(VersionParts[0]),\n         Minor = toint(VersionParts[1]),\n         Build = toint(VersionParts[2]),\n         Revision = toint(VersionParts[3])\n| where isnotnull(Major) and Major >= 18 and (Major > 18 or Minor >= 17)  \/\/ Only shows versions >=18.17.0 (affected for Next.js 15.x\/16.x\/14.3.0-canary.77+)\n| extend NodeVersion = ProcessVersionInfoProductVersion\n| summarize LatestTimestamp = max(Timestamp), SampleCommandLine = any(ProcessCommandLine), NodeVersion = any(NodeVersion) by DeviceName\n| project DeviceName, LatestTimestamp, NodeVersion, SampleCommandLine\n| order by LatestTimestamp desc\n| take 100<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9408","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=9408"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9408\/revisions"}],"predecessor-version":[{"id":9409,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9408\/revisions\/9409"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=9408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=9408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=9408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}