CVE-2025-54798 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting the node-tmp package, a utility for creating temporary files and directories in Node.js applications. Versions prior to 0.2.4 do not properly handle symbolic links in the directory parameter, allowing an attacker with local access to specify a symbolic link that points to an arbitrary location. This improper link resolution can lead to arbitrary file or directory writes in locations not intended by the application, potentially overwriting critical files or planting malicious files. The vulnerability requires the attacker to have at least low-level privileges on the system (local access) and does not require user interaction, but the attack complexity is considered high due to the need to create specific symbolic links and conditions. The CVSS score of 2.5 reflects a low severity, primarily impacting integrity without affecting confidentiality or availability. The flaw is fixed in version 0.2.4 of node-tmp. No known exploits have been reported in the wild, indicating limited active exploitation. However, the vulnerability poses a risk in environments where node-tmp is used in multi-user or shared systems, or where local attackers can gain footholds. The issue highlights the importance of secure handling of symbolic links in temporary file creation utilities to prevent unauthorized file system modifications.

For European organizations, the primary impact of CVE-2025-54798 lies in the potential for local attackers to modify or overwrite files by exploiting the symbolic link vulnerability in node-tmp versions below 0.2.4. This can lead to integrity violations, such as tampering with application files, configuration files, or other critical data, potentially facilitating further privilege escalation or persistence mechanisms. Although the vulnerability does not directly compromise confidentiality or availability, the ability to write arbitrary files can undermine trust in the affected systems and lead to indirect impacts such as data corruption or unauthorized code execution if combined with other vulnerabilities. Organizations relying on Node.js applications that use node-tmp in multi-tenant or shared environments are at higher risk, especially if local user access controls are weak. The low CVSS score and absence of known exploits suggest a limited immediate threat, but the vulnerability should be addressed proactively to prevent exploitation in sensitive environments.

1. Upgrade all instances of the node-tmp package to version 0.2.4 or later, where the vulnerability is fixed. 2. Conduct an inventory of Node.js applications and development environments to identify usage of node-tmp and ensure timely patching. 3. Restrict local user permissions to prevent untrusted users from creating symbolic links or accessing directories where temporary files are created. 4. Implement filesystem monitoring to detect unusual symbolic link creation or unauthorized file writes in temporary directories. 5. Use containerization or sandboxing to isolate Node.js applications, limiting the impact of potential local exploits. 6. Educate developers and system administrators about the risks of improper symbolic link handling and enforce secure coding practices around temporary file creation. 7. Regularly audit and review local access controls and user privileges on systems running Node.js applications to minimize the risk of local exploitation.