CVE-2025-57283

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

28/01/2026

Last modified:

28/01/2026

Description

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

Impact

References to Advisories, Solutions, and Tools

https://gist.github.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1
https://www.npmjs.com