Description

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

INFO

Published Date :

2025-08-07T00:04:35.370Z

Last Modified :

2025-11-03T20:06:39.242Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54798 vulnerability.

Vendors Products
Raszi
  • Node-tmp
  • Tmp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54798.

URL Resource
https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b cve-icon cve-icon cve-icon
https://github.com/raszi/node-tmp/issues/207 cve-icon cve-icon cve-icon
https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6 cve-icon cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-54798 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-54798 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact