CVE-2025-54798

Опубликовано: 07 авг. 2025

Источник: nvd

CVSS3: 2.5

CVSS3: 5.3

EPSS Низкий

Описание

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

Ссылки

https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b
Patch
https://github.com/raszi/node-tmp/issues/207
Issue Tracking
Patch
https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
Exploit
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html
https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raszi:tmp:*:*:*:*:*:node.js:*:*

Версия до 0.2.4 (исключая)

EPSS

Процентиль: 24%

0.00078

Низкий

2.5 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-59

Связанные уязвимости

CVE-2025-54798

CVSS3: 2.5

ubuntu

4 месяца назад

CVE-2025-54798

CVSS3: 2.5

redhat

4 месяца назад

CVE-2025-54798

CVSS3: 2.5

debian

4 месяца назад

tmp is a temporary file and directory creator for node.js. In versions ...

GHSA-52f5-9888-hmc6

CVSS3: 2.5

github

4 месяца назад

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

EPSS

Процентиль: 24%

0.00078

Низкий

2.5 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-59