Critical severity · NVD Advisory · Published Sep 8, 2025 · Updated Sep 8, 2025
CVE-2025-57285
Description
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| codeceptjs (npm) | >= 3.5.0, < 3.7.5 | 3.7.5 |