Bug 2386976 (CVE-2025-54798) - CVE-2025-54798 tmp: tmp Symbolic Link Write Vulnerability
Summary: CVE-2025-54798 tmp: tmp Symbolic Link Write Vulnerability
Keywords:
Status: NEW
Alias: CVE-2025-54798
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2387011 2387013 2387014 2387016 2387018 2387020 2387022 2387012 2387015 2387017 2387019 2387021
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-07 01:01 UTC by OSIDB Bzimport
Modified: 2025-08-26 07:19 UTC (History)
128 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-08-07 01:01:13 UTC 
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Note You need to log in before you can comment on or make changes to this bug.