High severityNVD Advisory· Published Oct 14, 2025· Updated Feb 22, 2026
Playwright Spoofing Vulnerability
CVE-2025-59288
Description
Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
playwrightnpm | < 1.55.1 | 1.55.1 |
Affected products
13- osv-coords12 versionspkg:apk/chainguard/gitlab-rails-ce-19.0pkg:apk/chainguard/gitlab-rails-ce-fips-19.1pkg:apk/chainguard/langfusepkg:apk/chainguard/langfuse-compatpkg:apk/chainguard/langfuse-workerpkg:apk/chainguard/librechatpkg:apk/chainguard/librechat-compatpkg:apk/chainguard/librechat-devpkg:apk/wolfi/langfusepkg:apk/wolfi/langfuse-compatpkg:apk/wolfi/langfuse-workerpkg:npm/playwright
< 19.0.3-r1+ 11 more
- (no CPE)range: < 19.0.3-r1
- (no CPE)range: < 19.1.1-r1
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 3.121.0-r0
- (no CPE)range: < 1.55.1
- Microsoft/microsoft/playwrightv5Range: 1.0.0
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-7mvr-c777-76hpghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288ghsavendor-advisorypatchWEB
- nvd.nist.gov/vuln/detail/CVE-2025-59288ghsaADVISORY
- github.com/SocketDev/security-research/security/advisories/GHSA-qxm8-4v54-964rghsaWEB
- github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570ghsaWEB
- github.com/microsoft/playwright/pull/37532ghsaWEB
- github.com/microsoft/playwright/releases/tag/v1.55.1ghsaWEB
- github.com/microsoft/playwright/releases/tag/v1.56.0ghsaWEB
News mentions
0No linked articles in our index yet.