CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Codecept: >> Codeceptjs >> 3.7.3 Security Vulnerabilities

CVE-2025-57285

codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.

CVSS Score

9.8

EPSS Score

0.007

Published

2025-09-08

Page 1

Vulnerabilities

Vulnerable Software

Codecept: >> Codeceptjs >> 3.7.3 Security Vulnerabilities

Products

Pricing

Contact Us