CVE-2025-64756 | isaacs node-glob up to 11.0.x -c/–cmd os command injection (GHSA-5j98-mcp5-4vw2)

A vulnerability has been found in isaacs node-glob up to 11.0.x and classified as critical. Affected by this issue is some unknown functionality. Performing manipulation of the argument -c/–cmd results in os command injection.

This vulnerability is known as CVE-2025-64756. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More