CVE-2025-61787

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.
Configurations

No configuration.

History

08 Oct 2025, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-08 02:15

Updated : 2025-10-08 19:38


NVD link : CVE-2025-61787

Mitre link : CVE-2025-61787

CVE.ORG link : CVE-2025-61787


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')