VYPR
Low severity2.5NVD Advisory· Published Aug 7, 2025· Updated Jun 17, 2026

CVE-2025-54798

CVE-2025-54798

Description

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tmpnpm
< 0.2.40.2.4

Affected products

108

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.