VYPR
Critical severityNVD Advisory· Published Sep 8, 2025· Updated Sep 8, 2025

CVE-2025-57285

CVE-2025-57285

Description

codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
codeceptjsnpm
>= 3.5.0, < 3.7.53.7.5

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.