Related vulnerability

Title: nest command injection vulnerability (CVE-2025-54782)

Description: nest is an open-source Node.js framework from nestjs for building efficient, scalable, enterprise-grade server-side applications in TypeScript/JavaScript. Its `@nestjs/devtools-integration` package, in versions 0.2.0 and earlier, contains a code-execution vulnerability: the package evaluates submitted JavaScript in an unsafe sandbox that can be escaped, which can lead to remote code execution.
        
 
        
Description
NestJS DevTools Unauthenticated RCE
        
        
Introduction
            # CVE-2025-54782: Critical Bug in NestJS DevTools
🚨 **Critical Security Issue** - CVSS Score: 9.4/10
## Discovery
A critical security vulnerability was discovered in NestJS DevTools that allows attackers to execute arbitrary code on developers' machines through malicious websites. This represents a significant security risk as it can lead to complete system compromise.
## The Problem
**Affected Package:** `@nestjs/devtools-integration` version 0.2.0 and below  
**What Goes Wrong:** The package creates a local development server with insufficient security controls  
**Who's At Risk:** Any developer using NestJS DevTools in their local environment  
### How The Attack Works
When NestJS DevTools is enabled, the integration exposes HTTP endpoints on the running application (port 3000 in this write-up). One of them, `/inspector/graph/interact`, evaluates JavaScript sent by the DevTools UI to help with debugging. Three things go wrong:
1. **Missing Access Controls** - The endpoint requires no authentication and can be reached cross-origin from any web page the developer happens to visit; it accepts a body sent as `text/plain`, which browsers send without a CORS preflight
2. **Inadequate Sandboxing** - The submitted code is evaluated in a JavaScript sandbox that can be escaped to reach the real Node.js runtime
3. **Code Execution as the Developer** - A successful escape runs arbitrary commands with the privileges of the user running the application; no separate privilege escalation is needed
### Real Attack Example
A malicious website could send this request to your local NestJS server:
```http
POST /inspector/graph/interact HTTP/1.1
Host: localhost:3000
Content-Type: text/plain

{"code":"(function(){try{propertyIsEnumerable.call()}catch(pp){pp.constructor.constructor('return process')().mainModule.require('child_process').execSync('whoami')}})()"}
```
This payload demonstrates:
- Sandbox escape: calling `propertyIsEnumerable.call()` with no receiver throws a `TypeError` that is created outside the sandbox, and the `catch` block hands that host-realm object to the attacker's code
- Access to the real `process` object: `constructor.constructor` on that error is the host's `Function` constructor, so `Function('return process')()` evaluates in the host scope rather than in the sandbox
- Command execution: `process.mainModule.require('child_process').execSync('whoami')` runs a shell command (here the harmless `whoami`) as the developer
## Security Impact
- **Remote Code Execution** - Complete system compromise potential
- **Silent Exploitation** - The request is fired from a web page in the background; the developer sees nothing, and the attacker does not need to read the response
- **Low Attack Complexity** - Visiting a web page while the application is running with DevTools enabled is enough
- **Developer Targeting** - Could facilitate supply chain attacks on development environments
## Remediation
**Immediate Action Required:** Update the package:
```bash
npm update @nestjs/devtools-integration
```
**Verify Installation:**
```bash
npm ls @nestjs/devtools-integration
```
Ensure you're running version **0.2.1 or later**. Note that `npm update` only moves within the version range declared in your `package.json`; if `npm ls` still reports 0.2.0, install `@nestjs/devtools-integration@latest` explicitly. As general guidance, keep the DevTools HTTP integration disabled outside local development so the endpoint is never exposed in deployed builds.
## Timeline
- Found the vulnerability while testing NestJS DevTools
- Reported it to the NestJS team
- They fixed it in version 0.2.1
- CVE-2025-54782 was assigned
- Now sharing this publicly to help other developers stay safe
## Official References
- [Socket.dev Blog Post](https://socket.dev/blog/nestjs-rce-vuln)
- [NestJS Security Advisory](https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7)
- [Official CVE Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-54782)
---
        
File snapshot
        
            
                
 [4.0K]  /data/pocs/a68a3380498949698dbec692618df65edfea9373
└── [2.7K]  README.md
0 directories, 1 file
                
             
         
Notes

1. Access the PoC through its original source where possible.
2. If the source is gone or unreachable, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has snapshotted the POC code for you; to support long-term maintenance, please consider paying for local POCs. Thank you for your support.