CVE-2025-54782

8.8 HIGH

📋 TL;DR

A high-severity Remote Code Execution vulnerability in the @nestjs/devtools-integration package lets a malicious website execute arbitrary code on a developer's machine. The package starts a local HTTP server for the NestJS Devtools UI; its /inspector/graph/interact endpoint evaluated request-supplied code in an improperly sandboxed environment and accepted cross-origin requests, so any page open in the developer's browser could deliver the payload to localhost. Affected are @nestjs/devtools-integration versions 0.2.0 and below (the NestJS framework version itself is not the determining factor) whenever the devtools HTTP server is running.

💻 Affected Systems

Products:
  • @nestjs/devtools-integration
Versions: 0.2.0 and below
Operating Systems: All operating systems running Node.js
Default Config Vulnerable: ❌ No
Notes: The package is not part of a default NestJS project. Once DevtoolsModule.register() is added to the application, however, the local HTTP server runs unless http: false is set, so a vulnerable version is exposed whenever the development server is up.

📦 What is this software?

@nestjs/devtools-integration is the official NestJS package that connects an application to the NestJS Devtools web UI (devtools.nestjs.com). When DevtoolsModule is registered it starts a local HTTP server (port 8000 by default) that serves the application's module and dependency graph to that UI.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of developer workstation leading to lateral movement, credential theft, and deployment of persistent malware.

🟠

Likely Case

Local machine compromise allowing attacker to steal sensitive development data, credentials, and access internal resources.

🟢

If Mitigated

Limited impact if the devtools HTTP server is patched or disabled and developer workstations run with least privilege, so a compromised development process cannot reach production credentials or internal services.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the developer to load a malicious web page while the devtools HTTP server is running locally. The victim's own browser delivers the request to localhost, so the attacker needs no inbound network access to the workstation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.2.1

Vendor Advisory: https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7

Restart Required: Yes

Instructions:

1. Update package.json to require @nestjs/devtools-integration 0.2.1 or higher.
2. Run npm update @nestjs/devtools-integration (or npm install @nestjs/devtools-integration@0.2.1 to force the bump; npm update only moves within the range already declared in package.json).
3. Restart the development server.

🔧 Temporary Workarounds

Disable devtools integration

all

Remove the DevtoolsModule.register(...) call from the root module, or pass http: false so the HTTP server never starts, then drop the dependency. Uninstalling the package while the module is still imported breaks compilation.

npm uninstall @nestjs/devtools-integration

Network isolation

all

Binding the development server to localhost does not mitigate this issue: the devtools HTTP server already listens locally, and the malicious request is issued by the developer's own browser on the same host. Network segmentation of the workstation only limits what an attacker can reach after the compromise. The effective workarounds are patching or disabling the devtools HTTP server.

🧯 If You Can't Patch

  • Disable the devtools HTTP server (http: false) or remove DevtoolsModule entirely in every environment where the package is installed
  • Treat the workstation's browser as part of the attack surface: avoid browsing untrusted sites while the server is running, and apply least privilege and network segmentation so a compromised development process cannot reach production credentials or internal services

🔍 How to Verify

Check if Vulnerable:

Check package.json and the installed tree for @nestjs/devtools-integration at version 0.2.0 or below, and check whether the root module registers DevtoolsModule with the HTTP server enabled (http not set to false).

Check Version:

npm list @nestjs/devtools-integration

Verify Fix Applied:

Verify that @nestjs/devtools-integration resolves to 0.2.1 or higher in package.json and in node_modules; in monorepos run npm ls @nestjs/devtools-integration --all to catch nested or workspace copies that the root listing hides.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /inspector/graph/interact endpoint
  • Child processes, outbound network connections or file writes originating from the development server's Node.js process that the application itself does not perform

Network Indicators:

  • HTTP POST requests to the devtools port (8000 by default) on a developer workstation
  • Requests to that port carrying an Origin header other than the Devtools UI or a loopback origin; these are issued by the developer's own browser, so they never cross the network perimeter and must be observed on the host

SIEM Query:

source="nest-dev-server" method="POST" uri="/inspector/graph/interact" NOT origin="https://devtools.nestjs.com"

Field names depend on the log source in front of the devtools port. The method and endpoint conditions must be combined with AND; joining them with OR matches every POST the server receives.

🔗 References

  • https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7
  • https://nvd.nist.gov/vuln/detail/CVE-2025-54782
