NestJS Security Update Advisory (CVE-2025-54782)

Aug 07 2025

Overview

We have released a security update to address a vulnerability in Nest. We encourage affected product users to update to the latest version.

Affected Products

CVE-2025-54782

NestJS Version: 0.2.0 and earlier

Resolved Vulnerabilities

Remote code execution vulnerability in the devtools-integration package in NestJS (CVE-2025-54782)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-54782

NestJS version: 0.2.1

References

[1] @nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7

NestJS Security Update Advisory (CVE-2025-54782)

Google Android Family August 2025 Routine Security Update Advisory

Microsoft Exchange Server Security Update Advisory (CVE-2025-53786)

Tags:

Google Android Family August 2025 Routine Security Update Advisory

Microsoft Exchange Server Security Update Advisory (CVE-2025-53786)