216.73.217.64

CVE-2025-54798

· Published 07/08/2025 01:15 · Modified 07/08/2025 21:26

Labels: CVE-2025-54798 2025-08-07CVE-2025-54798CWE-59[email protected]

Essential information

Published
07/08/2025 01:15
Modified
07/08/2025 21:26
Author
Creator
CVSS
2.5 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
npm / tmp cpe:2.3:a:npm:tmp:<0.2.4:*:*:*:*:*:*:*
npm / tmp cpe:2.3:a:npm:tmp:0.2.3:*:*:*:*:*:*:*

References