CVE-2025-63705

Description

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.

PUBLISHED Reserved 2025-10-27 | Published 2026-05-07 | Updated 2026-05-08 | Assigner mitre

References

gist.github.com/6en6ar/a2ac44da0f4e580190be3e66cfbb9a4a exploit

www.npmjs.com/package/node-ts-ocr

gist.github.com/6en6ar/a2ac44da0f4e580190be3e66cfbb9a4a

cve.org (CVE-2025-63705)

nvd.nist.gov (CVE-2025-63705)

Download JSON