CVE-2025-55294
Published: 19 August 2025
Summary
CVE-2025-55294 is a critical-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-55294 is a command injection vulnerability (CWE-77) in the screenshot-desktop library, a tool for capturing screenshots of the local machine. The flaw arises when user-controlled input supplied to the "format" option of the screenshot function is directly interpolated into a shell command without sanitization, enabling arbitrary command execution with the privileges of the calling process. This issue affects versions of screenshot-desktop prior to 1.15.2 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited remotely by any unauthenticated attacker over the network, with low attack complexity and no requirement for user interaction or privileges. Successful exploitation allows the attacker to execute arbitrary commands on the target system at the privilege level of the process invoking the screenshot function, potentially leading to full system compromise including data theft, modification, or disruption.
The vulnerability is addressed in screenshot-desktop version 1.15.2. Security advisories recommend updating to this patched version immediately. Additional details are available in the GitHub security advisory (GHSA-gjx4-2c7g-fm94) and the fixing commit (59c87b0c175eec76090e6ccde313f4fc5d569b78).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25196
Vulnerability details
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in an exposed library function enables remote arbitrary command execution (T1059) via public-facing applications (T1190).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely identification, prioritization, assessment, and remediation of flaws such as this command injection vulnerability, here by updating screenshot-desktop to the patched version 1.15.2.
- SI-10 (Information Input Validation): Mandates validation of user-controlled input to the format option before it is interpolated into a shell command, directly preventing command injection.
- AC-6 (Least Privilege): Enforces least privilege on the calling process, limiting the scope and impact of any arbitrary command execution resulting from the vulnerability.