axios for Root:npm: Unauthenticated Data Exposure through Request Headers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

axios for Root:npm: Unauthenticated Data Exposure through Request Headers

ROOT-APP-NPM-CVE-2025-62718

Summary

The axios package for Root:npm allows an attacker to access sensitive data without needing a valid login. This issue affects users of Root's npm package and has been fixed in a newer version, which should be installed to prevent potential data breaches.

What to do

Update rootio @rootio/axios to version 1.13.5-root.io.1.
Update rootio @rootio/axios to version 1.7.9-root.io.6.
Update rootio @rootio/axios to version 1.11.0-root.io.7.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:npm	rootio	@rootio/axios	< 1.13.5-root.io.1 < 1.7.9-root.io.6 < 1.11.0-root.io.7 Fix: upgrade to 1.13.5-root.io.1

Original title

CVE-2025-62718 in @rootio/axios - Patched by Root

Original description

Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available.

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 10 Apr 2026