CVE-2025-54798: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
tmp@0.2.3 is vulnerable to an arbitrary temporary file / directory write via a symbolic link `dir` parameter.
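The containment check that this class of bug calls for, as an added example (not node-tmp's code or its patch): a comparison of path strings accepts a `dir` that is a symlink inside the temp root, while resolving symlinks first rejects it. The helper names and the fixture directories are hypothetical, constructed for the demonstration.

```javascript
// Added example with hypothetical helper names; not code from node-tmp.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when `child` is `parent` itself or lies beneath it (purely lexical).
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Weak check: compares path strings only, so a symlink inside tmpRoot passes.
function lexicalCheck(tmpRoot, dir) {
  return isInside(path.resolve(tmpRoot), path.resolve(tmpRoot, dir));
}

// Hardened check: resolve symlinks on both sides, then compare.
// Returns the resolved directory, or throws when it escapes tmpRoot.
function resolveDirInside(tmpRoot, dir) {
  const realRoot = fs.realpathSync(tmpRoot);
  const realDir = fs.realpathSync(path.resolve(realRoot, dir));
  if (!isInside(realRoot, realDir)) {
    throw new Error(`dir resolves outside the temp root: ${dir}`);
  }
  return realDir;
}

// Constructed fixture: a temp root holding a real subdirectory ("plain")
// and a symlink ("link") that points at a sibling directory outside the root.
function buildFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const tmpRoot = path.join(base, 'tmproot');
  fs.mkdirSync(path.join(tmpRoot, 'plain'), { recursive: true });
  fs.mkdirSync(path.join(base, 'outside'));
  fs.symlinkSync(path.join(base, 'outside'), path.join(tmpRoot, 'link'), 'dir');
  return { base, tmpRoot };
}

function demo() {
  const { base, tmpRoot } = buildFixture();
  const result = { lexicalAcceptsLink: lexicalCheck(tmpRoot, 'link') };
  try {
    result.plainResolved = path.basename(resolveDirInside(tmpRoot, 'plain'));
    try { resolveDirInside(tmpRoot, 'link'); result.hardenedRejectsLink = false; }
    catch { result.hardenedRejectsLink = true; }
    return result;
  } finally {
    fs.rmSync(base, { recursive: true, force: true }); // remove the fixture
  }
}
```

The check and the later file creation are separate steps, so the temp root should also be writable only by the account that owns the process.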
References
- github.com/advisories/GHSA-52f5-9888-hmc6
- github.com/raszi/node-tmp
- github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b
- github.com/raszi/node-tmp/issues/207
- github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
- lists.debian.org/debian-lts-announce/2025/08/msg00007.html
- nvd.nist.gov/vuln/detail/CVE-2025-54798