Red Hat JBoss EAP: CVE-2025-54798: Link Following
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:S/C:N/I:P/A:N) | Aug 7, 2025 | Aug 11, 2025 | Nov 26, 2025 |
Description
tmp is a temporary file and directory creator for Node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via a symbolic link passed as the `dir` parameter. This is fixed in version 0.2.4. A flaw was found in tmp. The `tmp` module, used for creating temporary files and directories in Node.js, allows an arbitrary temporary file or directory write due to insufficient validation of the symbolic link parameter. This vulnerability allows a local attacker to provide a crafted symbolic link. This issue allows the creation of temporary files or directories at attacker-specified locations, potentially leading to unexpected behavior.
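An added example (not code from node-tmp or Red Hat) of the validation the description calls insufficient: resolve a caller-supplied `dir` with symbolic links followed, and reject it if the result lies outside the temporary root. The helper name `resolveInsideTmp` and the sample directory layout are assumptions constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical helper: resolve `dir` under `tmpRoot` and refuse any result
// that leaves tmpRoot once symbolic links are followed.
function resolveInsideTmp(tmpRoot, dir) {
  const root = fs.realpathSync(tmpRoot);
  // realpathSync follows every link in the path, so a link that sits inside
  // tmpRoot but points elsewhere resolves to its real target here.
  const target = fs.realpathSync(path.resolve(root, dir));
  const rel = path.relative(root, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`dir escapes tmp root: ${dir}`);
  }
  return target;
}

// Constructed sample layout: a temp root with one ordinary subdirectory and
// one symbolic link whose target is outside the root.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'linkcheck-'));
  const root = path.join(base, 'tmproot');
  const outside = path.join(base, 'outside');
  fs.mkdirSync(root);
  fs.mkdirSync(outside);
  fs.mkdirSync(path.join(root, 'cache'));
  fs.symlinkSync(outside, path.join(root, 'link-out'), 'dir');

  const results = {};
  results.ok = path.basename(resolveInsideTmp(root, 'cache'));
  for (const name of ['link-out', '../outside']) {
    try {
      resolveInsideTmp(root, name);
      results[name] = 'allowed';
    } catch (err) {
      results[name] = 'rejected';
    }
  }
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

A purely lexical check on `dir` would accept `link-out`, since the string contains no `..`; only resolving the link reveals the real destination. The check still leaves a window between validation and file creation, so it belongs immediately before the create call.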
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-59
- CVE-2025-54798
- https://attackerkb.com/topics/CVE-2025-54798
- https://access.redhat.com/security/cve/CVE-2025-54798
- https://bugzilla.redhat.com/show_bug.cgi?id=2386976
- https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b
- https://github.com/raszi/node-tmp/issues/207
- https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6