CVE-2025-68154 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable t…
High CVSS: 8.1

CVE-2025-68154

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
Vendor
Systeminformation
Product
Systeminformation
CWE
CWE-78
Yayın Tarihi
2025-12-16 19:16:00
Güncelleme
2026-02-19 16:26:21
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Systeminformation HIGH Systeminformation 2025

Referanslar

https://github.com/sebhildebrandt/systeminformation/commit/c52f9fd07fef42d2d8e8c66f75b42178da701c68 https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-wphj-fx3q-84ch