
CVE-2025-54782 PoC — @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers

Source
Associated Vulnerability
Title: @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers (CVE-2025-54782)
Description: Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.
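The cross-origin weakness described above is what lets a page in the developer's browser reach the local endpoint at all. The guard below is an added example, not code from the PoC repository or from @nestjs/devtools-integration, showing the request checks a localhost-only development API should apply before handing a body to any evaluator; the allowed-origin list and the function name are assumptions for this example.

```javascript
// Added example, not code from the PoC repository or from @nestjs/devtools-integration:
// a request guard for a localhost-only development API such as the
// /inspector/graph/interact endpoint the advisory describes. It refuses requests
// that a browser marks as coming from another site, and requires a real JSON
// content type, which a cross-site HTML form cannot send. The allowed-origin
// list and the function name are assumptions for this example.

const DEV_ORIGINS = new Set(['http://localhost:3000', 'http://127.0.0.1:3000']);

// `headers`: plain object with lower-case header names, as Node's http module
// provides in req.headers. Returns { allowed, reason }.
function checkDevEndpointRequest(headers, allowedOrigins = DEV_ORIGINS) {
  const origin = headers['origin'];
  const fetchSite = headers['sec-fetch-site'];
  const contentType = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();

  // Modern browsers attach Sec-Fetch-Site; "cross-site" is exactly the CSRF case.
  if (fetchSite === 'cross-site') {
    return { allowed: false, reason: 'Sec-Fetch-Site is cross-site' };
  }
  // Browsers always send Origin on cross-origin POSTs (including "null" for
  // sandboxed or opaque origins); anything outside the allow-list is refused.
  if (origin !== undefined && !allowedOrigins.has(origin)) {
    return { allowed: false, reason: `origin not allowed: ${origin}` };
  }
  // text/plain, x-www-form-urlencoded and multipart are the "simple" types a
  // cross-site form or fetch() can POST without a CORS preflight; a
  // code-executing endpoint should insist on application/json.
  if (contentType !== 'application/json') {
    return { allowed: false, reason: `unexpected content type: ${contentType || 'none'}` };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests (not captured traffic).
const crossSitePost = {            // what a page on another site would send via fetch()
  origin: 'https://malicious-site.example',
  'sec-fetch-site': 'cross-site',
  'content-type': 'text/plain',
};
const devtoolsUiPost = {           // the legitimate same-origin devtools client
  origin: 'http://localhost:3000',
  'sec-fetch-site': 'same-origin',
  'content-type': 'application/json; charset=utf-8',
};
const localCurlPost = { 'content-type': 'application/json' }; // no Origin header at all
```

An origin check is only as good as the CORS configuration next to it: if the devtools routes answer preflights with a permissive Access-Control-Allow-Origin, a cross-site fetch() can send application/json too, so the routes should not emit CORS headers at all.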
Description
PoC for CVE-2025-54782
Readme
# CVE-2025-54782

PoC for CVE-2025-54782 for assignment purposes.
File Snapshot

```
[4.0K] /data/pocs/b4610f29013e2eb9f3ea211fd71cac2df389e7cd
├── [4.0K] NestServer
│   ├── [ 606] Dockerfile
│   ├── [ 898] eslint.config.mjs
│   ├── [ 171] nest-cli.json
│   ├── [2.2K] package.json
│   ├── [385K] package-lock.json
│   ├── [4.9K] README.md
│   ├── [4.0K] src
│   │   ├── [ 581] app.controller.spec.ts
│   │   ├── [ 274] app.controller.ts
│   │   ├── [ 404] app.module.ts
│   │   ├── [ 142] app.service.ts
│   │   └── [ 228] main.ts
│   ├── [4.0K] test
│   │   ├── [ 693] app.e2e-spec.ts
│   │   └── [ 187] jest-e2e.json
│   ├── [  97] tsconfig.build.json
│   └── [ 544] tsconfig.json
├── [4.0K] POCWebpage
│   ├── [1.1K] index.html
│   └── [ 615] server.js
└── [  66] README.md

5 directories, 18 files
```