Live Exploit TrackerNest - RCE (CVE-2025-54782)
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.
CrowdSec analysis
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Exploit Timeline
This timeline shows the history of exploitation attempts for this CVE, as detected by the CrowdSec community.
Unlock the Exploitation timeline with the
CrowdSec Live Exploit Tracker plan
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
