CVE-2025-55294

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/bencevans/screenshot-desktop/commit/59c87b0c175eec76090e6ccde313f4fc5d569b78
https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94

Configurations

No configuration.

History

20 Aug 2025, 14:40

Type	Values Removed	Values Added
Summary		(es) screenshot-desktop permite capturar una captura de pantalla de su equipo local. Esta vulnerabilidad se debe a un problema de inyección de comandos. Cuando se pasa una entrada controlada por el usuario a la opción de formato de la función de captura de pantalla, esta se interpola en un comando de shell sin depurar. Esto provoca la ejecución arbitraria de comandos con los privilegios del proceso que los invocó. Esta vulnerabilidad se corrigió en la versión 1.15.2.

19 Aug 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 18:15

Updated : 2025-08-20 14:40

NVD link : CVE-2025-55294

Mitre link : CVE-2025-55294

CVE.ORG link : CVE-2025-55294

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

9.8 /10