Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2025-57283

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

Published: Jan 28, 2026
Updated: Jan 30, 2026
CVE: CVE-2025-57283
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
browserstack / browserstack-local	1.5.8	1.5.8.x

https://gist.github.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1
https://www.npmjs.com

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo