Skip to main content

EasyApache4 v25.43 Security and Maintenance Release

cPRex Jurassic Moderator

WebPros has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

Security Updates

ea-nodejs20

Previous Version: v20.19.6
New Version: v20.20.0
Case: EA-13314
Security Fixes:

  • CVE-2025-55132 - HTTP Request Smuggling vulnerability in permission model

  • CVE-2025-59465 - TLSSocket default error handler vulnerability

This is an upstream security release published on January 13, 2026.

ea-nodejs22

Previous Version: v22.21.1
New Version: v22.22.0
Case: EA-13315
Security Fixes:

  • CVE-2025-55132 - HTTP Request Smuggling vulnerability in permission model

  • CVE-2025-59465 - TLSSocket default error handler vulnerability

This is an upstream security release published on January 13, 2026.

Maintenance Updates

ea-nginx-njs

Previous Version: v0.9.4
New Version: v0.9.5
Case: EA-13313
Changes: Update ea-nginx-njs from v0.9.4 to v0.9.5

ea-cpanel-tools

Case: EA4-210
Changes: Add oldest_supported_version field in ea4-metainfo.json

  • Set to PHP 8.2 (PHP 8.1 EOL end of 2025)

  • Enables better PHP EOL tracking without ULC changes

  • Supports CPANEL-50066 & CPANEL-50077

Security Advisory

Severity: HIGH
Impact: All users running Node.js 20.x or 22.x should update immediately

The HTTP Request Smuggling vulnerability (CVE-2025-55132) and TLSSocket error handler issue (CVE-2025-59465) affect both LTS versions of Node.js. These security releases were published upstream on January 13, 2026.

CVE Details

CVE-2025-55132: HTTP Request Smuggling in permission model

  • Vulnerability allows attackers to bypass permission checks when --experimental-permission flag is enabled

  • Affects the futimes system call handling

CVE-2025-59465: TLSSocket default error handler vulnerability

  • Missing default error handler in TLSSocket can cause process crashes

  • Affects applications using TLS connections

Recommendation: Update to EA4 v25.43 as soon as possible to receive these critical security patches.

Comments

0 comments

Post is closed for comments.

Didn't find what you were looking for?

New post