Moderate severityNVD Advisory· Published Jan 28, 2026· Updated Jan 29, 2026

CVE-2025-57283

Description

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
browserstack-localnpm	< 1.5.9	1.5.9

Affected products

Naturalintelligence/Browserstack Localinferred
Range: =1.5.8"
Package: https://npmjs.com/package/browserstack-local

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-g4w6-c99w-4wh7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-57283ghsaADVISORY
gist.github.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1ghsaWEB
github.com/browserstack/browserstack-local-nodejs/issues/168ghsaWEB
www.npmjs.comghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000