A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of developers to retrieve system metrics. Tracked as CVE-2025-68154, the flaw exposes Windows-based applications to OS Command Injection, potentially allowing attackers to execute arbitrary code and seize control of affected servers.
With the library boasting “over 16m downloads per month”, the blast radius of this vulnerability is significant, affecting monitoring dashboards, CLI tools, and web applications that rely on it for hardware and OS data.
The vulnerability lies within the library’s fsSize() function, specifically when running on Windows systems. This function is designed to return file system sizes, but a lack of input sanitization turned it into an open door for attackers.
According to the security advisory, “The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function.”
This means that if an application allows a user to specify which drive to query—common in monitoring tools—an attacker could inject malicious PowerShell commands instead of a valid drive letter.
The consequences of exploitation are severe. Because the injected commands run with the privileges of the Node.js process, an attacker could trigger Remote Code Execution (RCE).
The advisory outlines several critical attack scenarios:
- Total Compromise: Attackers can “Execute arbitrary commands with Node.js process privileges,” effectively hijacking the application logic.
- Data Theft: The flaw could allow adversaries to “Read sensitive files and exfiltrate data” from the hosting server.
- Lateral Movement: Once inside, attackers could “Use the compromised system to attack internal network” resources, pivoting from a low-level monitoring tool to critical infrastructure.
- Ransomware: In the worst-case scenario, the breach could be used to “Download and execute malicious payloads,” leading to a ransomware deployment.
The vulnerability affects systeminformation versions 5.27.13 and below on Windows platforms. Linux, macOS, and other Unix-based systems are unaffected.
Developers are urged to upgrade to version 5.27.14 immediately, which introduces proper sanitization to neutralize the threat.
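The root cause described above is an unvalidated drive parameter reaching a PowerShell command. The following is an added example, not code from the systeminformation project, showing the defensive pattern an application should apply on its side: an allowlist check on the drive argument before it is handed to fsSize(), plus a helper that flags the affected version range from the advisory. It assumes callers pass a Windows drive designator such as "C" or "C:", and takes the fsSize implementation as a parameter so it runs without the package installed.

```javascript
// Added example (not the library's own code). Assumption: the drive argument
// is a single Windows drive letter, optionally followed by a colon.
const DRIVE_RE = /^[A-Za-z]:?$/;

// Normalize user input to the canonical "X:" form, or return null when it is
// not exactly a drive letter. Anything else (spaces, punctuation, extra text)
// is rejected outright rather than escaped, so no foreign characters can
// ever be concatenated into the underlying PowerShell command.
function normalizeDrive(input) {
  if (typeof input !== 'string') return null;
  const trimmed = input.trim();
  if (!DRIVE_RE.test(trimmed)) return null;
  return trimmed[0].toUpperCase() + ':';
}

// Guarded wrapper. fsSizeImpl is injected so this file runs stand-alone; in an
// application it would be require('systeminformation').fsSize.
function safeFsSize(userDrive, fsSizeImpl) {
  const drive = normalizeDrive(userDrive);
  if (drive === null) {
    throw new Error('invalid drive designator: ' + JSON.stringify(userDrive));
  }
  return fsSizeImpl(drive);
}

// Per the advisory, versions 5.27.13 and below are affected, on Windows only.
// Compares an "x.y.z" version against the fixed release 5.27.14.
function isAffectedVersion(version, platform = process.platform) {
  if (platform !== 'win32') return false;
  const parts = version.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error('unrecognized version string: ' + version);
  }
  const fixed = [5, 27, 14];
  for (let i = 0; i < 3; i++) {
    if (parts[i] < fixed[i]) return true;
    if (parts[i] > fixed[i]) return false;
  }
  return false;
}

// Constructed stand-in for the real call: records what reached it.
const received = [];
const fakeFsSize = (drive) => { received.push(drive); return [{ fs: drive }]; };
safeFsSize('c', fakeFsSize);
console.log('passed through to fsSize:', received);
console.log('5.27.13 on win32 affected:', isAffectedVersion('5.27.13', 'win32'));
```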