PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-57283 Browserstack CVE debrief

CVE-2025-57283 is a high-severity command injection vulnerability in the Node.js package browserstack-local 1.5.8. The vulnerability occurs because the logfile variable is not properly sanitized in lib/Local.js. This allows an attacker to inject arbitrary commands, potentially leading to a compromise of the affected system. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.8, indicating a high level of severity. The vulnerability was published on January 28, 2026, and last modified on June 30, 2026. Browserstack has been identified as the vendor, and the affected product is Browserstack-Local. Users of this package should take immediate action to mitigate the risk.

Vendor
Browserstack
Product
browserstack-local
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-28
Original CVE updated
2026-06-30
Advisory published
2026-01-28
Advisory updated
2026-06-30

Who should care

Developers and administrators using the browserstack-local package in their Node.js applications should be aware of this vulnerability and take steps to mitigate it. Given the high CVSS score, priority should be given to patching or mitigating this vulnerability to prevent potential attacks. Additionally, users of Red Hat systems may find relevant information in the references provided.

Technical summary

The CVE-2025-57283 vulnerability is caused by a lack of proper sanitization of the logfile variable in the lib/Local.js file of the browserstack-local package. This allows an attacker to inject arbitrary commands, potentially leading to a compromise of the affected system. The vulnerability has a CVSS score of 7.8 and a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The CWE-94 and CWE-78 weaknesses are associated with this vulnerability. The affected product is Browserstack-Local, version 1.5.8, and the vulnerability affects Node.js applications using this package.

Defensive priority

High priority should be given to patching or mitigating this vulnerability due to its high CVSS score and potential impact. Administrators should review their systems for usage of the affected package and apply patches or mitigations as soon as possible.

Recommended defensive actions

  • Apply the patch for browserstack-local version 1.5.8 or later.
  • Review and sanitize user input to prevent command injection.
  • Monitor systems for suspicious activity related to the browserstack-local package.
  • Consider implementing compensating controls, such as restricting access to the affected systems.
  • Review and update inventory to ensure all instances of the package are accounted for.

Evidence notes

The CVE-2025-57283 vulnerability was published on January 28, 2026, and last modified on June 30, 2026. The vulnerability is caused by a lack of proper sanitization of the logfile variable in the lib/Local.js file of the browserstack-local package. The CVSS score for this vulnerability is 7.8, indicating a high level of severity. The CWE-94 and CWE-78 weaknesses are associated with this vulnerability. References include the CVE record, NVD detail, and various vendor and source references.

Official resources

This article is AI-assisted and based on the supplied source corpus.