CVE-2025-57282
Received Received - Intake
Command Injection Vulnerability in ngrok

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: MITRE

Description
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-05-18
EPSS Evaluated
2026-06-08
NVD
CVE-2025-57282
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ngrok ngrok to 4.3.3 (inc)
ngrok ngrok to 5.0.0-beta.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-57282 is a command injection vulnerability in the npm package ngrok, specifically affecting versions 4.3.3 and 5.0.0-beta.2.

This flaw allows attackers to execute arbitrary commands on the system by exploiting the way ngrok processes certain inputs.

A proof of concept demonstrated that an attacker could use malicious options to create files or run commands on the affected system.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on your system where the vulnerable ngrok package is installed.

Such command execution can lead to unauthorized access, data manipulation, system compromise, or the installation of malicious software.

Detection Guidance

This vulnerability can be detected by checking if the vulnerable versions of the npm package ngrok (4.3.3 or 5.0.0-beta.2) are installed on your system.

Additionally, detection can involve looking for signs of exploitation such as the presence of unexpected files created by the command injection, for example a file named "Dremig486" in the current directory.

A possible command to check the installed version of ngrok is:

  • npm list ngrok

To search for the suspicious file created by exploitation attempts, you can run:

  • find . -name "Dremig486"
Mitigation Strategies

Immediate mitigation steps include removing or upgrading the vulnerable versions of the ngrok package (4.3.3 or 5.0.0-beta.2) to a version that is not affected by the command injection vulnerability.

If an upgrade is not available, consider disabling or restricting the use of ngrok until a secure version is released.

Also, monitor your system for any suspicious activity or files that may indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57282. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart