How to use BigFix Inventory to discover endpoints that may be affected by axios vulnerability (CVE-2026-25639)

Overview

A high severity Denial of Service (DoS) vulnerability (CVE-2026-25639) has been identified in the widely used JavaScript HTTP client library Axios due to improper handling of configuration objects in the mergeConfig function. In addition to this vulnerability, recent threat intelligence (according to StepSecurity Technical Analysis) has revealed a supply chain attack involving malicious Axios versions, which silently install a Remote Access Trojan (RAT) on affected systems, significantly increasing the risk landscape for organizations across operating systems, including Windows, Linux, and macOS.

With BigFix Inventory (BFI) and custom CIT signatures, you can:

  • Identify vulnerable Axios versions
  • Detect library presence across endpoints
  • Flag potentially compromised or malicious versions

Vulnerability Details:

The following Axios versions are affected by this vulnerability:

  • < 0.30.3
  • = 0.30.4
  • ≥ 1.0.0 and < 1.13.5
  • = 1.14.1

Mitigation / Safe Versions

NOTE: The following Axios versions are not affected:

  • 0.30.3
  • 1.13.5
  • 1.14.0

Detection and Remediation

Two custom CIT signatures have been created to discover whether axios is deployed in your environment:

  1. Discovery Signature

  2. Vulnerability Detection Signature

The process for using CIT custom signatures:

  1. Download the signature file from the URL provided under each type of discovery described above.
  2. Log in to BigFix Inventory.
  3. Go to Management → Catalog Customization.
  4. Import the file with the custom signature.
  5. Run an import process to allow the BFI server to process the signature and initiate the signature propagation to the endpoints.
  6. Run a software scan on the endpoints.
  7. Ensure the Upload Software Scan Result fixlet is running.
  8. Run an import process to import the scan results.
  9. Verify the results on the reports.

BigFix Inventory Team