CVE-2025-54798 @ Npm-tmp-0.0.24

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2025-54798) about CVE-2025-54798
**Checkmarx Project:** [cx\-boris\-goman/AutoPR](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/overview?branch=kid)
**Repository URL:** [https://github.com/cx\-boris\-goman/AutoPR](https://github.com/cx-boris-goman/AutoPR)
**Branch:** kid
**Scan ID:** [bfaa74de\-6358\-4edb\-a528\-1d669bc0863c](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/scans?id=bfaa74de-6358-4edb-a528-1d669bc0863c&branch=kid)


----
tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directory write via symbolic link "dir" parameter.







----
**Additional Info**
**Attack vector:** LOCAL
**Attack complexity:** HIGH
**Confidentiality impact:** NONE
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 0.2.4


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2025-54798 @ Npm-tmp-0.0.24 #404

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2025-54798 @ Npm-tmp-0.0.24 #404

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions