A critical remote code execution vulnerability has been discovered in the popular NestJS framework that could allow attackers to execute arbitrary code on developer machines.
The vulnerability, tracked as CVE-2025-54782, affects the @nestjs/devtools-integration package and has been assigned the highest severity rating due to its potential for complete system compromise through simple web-based attacks.
https://gbhackers.com/nestjs-vulnerabil ... execution/