CVE-2025-55294

9.8 CRITICAL

📋 TL;DR

CVE-2025-55294 is a command injection vulnerability in the screenshot-desktop npm package that allows attackers to execute arbitrary shell commands by controlling the format option. This affects any application that uses a vulnerable version of screenshot-desktop to capture screenshots. Successful exploitation gives attackers the same privileges as the calling process.

💻 Affected Systems

Products:
  • screenshot-desktop npm package
Versions: All versions before 1.15.2
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using screenshot-desktop with a user-controlled format parameter is vulnerable. The vulnerability requires user input to be passed to the format option.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with privilege escalation to root/admin, data exfiltration, ransomware deployment, or complete system takeover.

🟠

Likely Case

Local privilege escalation, data theft, lateral movement within the network, or installation of persistent backdoors.

🟢

If Mitigated

Limited impact due to proper input validation, sandboxing, or running with minimal privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires control over the format parameter passed to screenshot-desktop functions. The vulnerability is straightforward to exploit once an attacker can influence this input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.15.2

Vendor Advisory: https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94

Restart Required: No

Instructions:

  1. Update screenshot-desktop to version 1.15.2 or later using npm update screenshot-desktop.
  2. Verify the update with npm list screenshot-desktop.
  3. Restart any applications using the package.

🔧 Temporary Workarounds

Input Validation

all

Implement strict input validation for the format parameter before passing it to screenshot-desktop.

Sandbox Execution

all

Run screenshot-desktop in a sandboxed environment with limited privileges

🧯 If You Can't Patch

  • Implement strict input validation to only allow safe format values
  • Run the application with minimal privileges and in isolated environments
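
One way to apply the input validation named in the workaround and in the list above, as an added example that is not code from the screenshot-desktop project. The jpg/png allowlist and the validateFormat and captureScreenshot names are assumptions; the package's exported function is passed in as a parameter so the wrapper can be exercised with a stub.

```javascript
// Assumption: the application only needs these two output formats.
const ALLOWED_FORMATS = new Set(['jpg', 'png']);

// Returns a format string taken from the allowlist, or throws.
// The returned value is the allowlist's own literal, never the caller's input.
function validateFormat(input) {
  // Reject non-strings outright: parsed query strings and JSON bodies can
  // deliver arrays or objects (e.g. format[]=png) that stringify unexpectedly.
  if (typeof input !== 'string') {
    throw new TypeError('format must be a string');
  }
  // Exact match only: no trimming, no case folding, no substring tests.
  for (const allowed of ALLOWED_FORMATS) {
    if (input === allowed) return allowed;
  }
  // The message deliberately does not echo the rejected input.
  throw new RangeError('unsupported screenshot format');
}

// Hypothetical wrapper: `screenshot` is the function exported by
// screenshot-desktop. Only the validated format is forwarded; no other
// request-supplied option is copied into the call.
async function captureScreenshot(screenshot, requestedFormat) {
  const format = validateFormat(requestedFormat);
  return screenshot({ format });
}

// Constructed sample inputs: two legitimate values, then values that must fail.
const SAMPLE_INPUTS = [
  'png', 'jpg', 'PNG', ' png', 'png;x', 'png|x', '',
  ['png'], { toString: () => 'png' }, undefined,
];

// Runs every sample through the validator and reports the outcome of each.
function classifySamples() {
  return SAMPLE_INPUTS.map((value) => {
    try {
      validateFormat(value);
      return 'accepted';
    } catch (err) {
      return 'rejected';
    }
  });
}
```

In an application, call captureScreenshot(require('screenshot-desktop'), userSuppliedFormat) and treat a thrown error as a rejected request rather than falling back to the raw input.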

🔍 How to Verify

Check if Vulnerable:

Check package.json or run npm list screenshot-desktop to see if the installed version is below 1.15.2.

Check Version:

npm list screenshot-desktop

Verify Fix Applied:

Verify screenshot-desktop version is 1.15.2 or higher using npm list screenshot-desktop

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell commands executed from screenshot-desktop process
  • Suspicious child processes spawned by screenshot-desktop

Network Indicators:

  • Unexpected outbound connections from screenshot-desktop process

SIEM Query:

process.name:screenshot-desktop AND (process.cmdline:*;* OR process.cmdline:*&* OR process.cmdline:*|*)
