CVE-2025-54387CRITICAL 9.8EPSS p45.8%

CVE-2025-54387CVE-2025-54387

Description

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.64% probability of exploitation · percentile 45.8% · 2026-06-18T12:00:27Z
Published2025-08-05
Last modified2025-10-09

Underlying weaknesses· 1

CWE-22

References

  1. https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214
  2. https://github.com/unjs/ipx/releases/tag/v1.3.2
  3. https://github.com/unjs/ipx/releases/tag/v2.1.1
  4. https://github.com/unjs/ipx/releases/tag/v3.1.1
  5. https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr
  6. https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-35984
CVE
CVE-2025-10714
CVE
CVE-2025-25163
CVE
CVE-2025-49415
CVE
CVE-2025-52930
CVE
CVE-2025-46407
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.