Hi,CVE-2025-23167 affects llhttp library. Starting from node-undici 7.15.0+dfsg+~cs3.2.0-1, llhttp has been removed from node-undici and is built as separated package. Therefor this CVE doesn't affect node-undici on trixie, forky and sid.
The llhttp package isn't affected (already mentionned insecurity tracker) Best regards, Xavier
