Critical severity9.8OSV Advisory· Published Aug 19, 2025· Updated Apr 15, 2026
CVE-2025-55294
CVE-2025-55294
Description
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
screenshot-desktopnpm | < 1.15.2 | 1.15.2 |
Affected products
2- Range: v1.0.0, v1.1.0, v1.10.0, …
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.