CVE-2025-57285

Published: Sep 8, 2025

Modified: Sep 8, 2025

PUBLISHED

Description

codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.npmjs.com

https://gist.github.com/Dremig/1ba111f9b1f7cffe1fcb4838b64e55b9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57285

Description

Affected Products

References