NVD CRITICAL: CVE-2025-62718 — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15....
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force re
CVE-2025-62718