Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Root's axios Package Exposes Unsecured Data
ROOT-APP-NPM-CVE-2025-58754
Summary
A security patch has been released for the axios package, which is used in Root's npm repository. This patch fixes a vulnerability that could allow unauthorized access to sensitive information. If you use axios, update to a patched version to ensure your data remains secure.
What to do
- Update rootio @rootio/axios to version 1.7.9-root.io.6.
- Update rootio @rootio/axios to version 1.11.0-root.io.7.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:npm | rootio | @rootio/axios |
< 1.7.9-root.io.6 < 1.11.0-root.io.7 Fix: upgrade to 1.7.9-root.io.6
|
Original title
CVE-2025-58754 in @rootio/axios - Patched by Root
Original description
Root has patched CVE-2025-58754 in the @rootio/axios package for Root:npm. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026