OS Command Injection Vulnerability in bun by Snyk
CVE-2025-8022

8.7HIGH

Key Information:

Vendor: Snyk
Status: Bun
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-8022?

The bun package is susceptible to an OS Command Injection vulnerability stemming from inadequate handling of user inputs in its shell API. Attackers can exploit this flaw to inject malicious command-line arguments or shell metacharacters, resulting in unauthorized command execution on the system. Proper input validation measures are essential to mitigate such risks and protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

bun 0.0.12

References

https://security.snyk.io/vuln/SNYK-JS-BUN-9510752

https://gist.github.com/lirantal/9780d664037f29d5277d7b2b...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Liran Tal

JSON

Snyk

What is CVE-2025-8022?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.