tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

Published: 2025-08-07

CVSS: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Download Exploit for CVE-2025-54798 here:

Use Tor Browser to access .onion links.

Check our team here:

https://tatramed.sk/exploit-986-cve-2024-39717/

https://tatramed.sk/exploit-866-cve-2024-38472/

https://tatramed.sk/exploit-975-cve-2025-4428/