Lucene search
K

Microsoft Playwright Node.js Package < 1.55.1 Spoofing (CVE-2025-59288)

🗓️ 14 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Playwright Node.js package before 1.55.1 is vulnerable to spoofing due to a signature flaw.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Chainguard
CVE-2025-59288 vulnerabilities
22 Oct 202519:17
cgr
Circl
CVE-2025-59288
14 Oct 202516:38
circl
CNNVD
Microsoft Playwright 数据伪造问题漏洞
14 Oct 202500:00
cnnvd
CVE
CVE-2025-59288
14 Oct 202517:00
cve
Cvelist
CVE-2025-59288 Playwright Spoofing Vulnerability
14 Oct 202517:00
cvelist
EUVD
EUVD-2025-34363
14 Oct 202518:30
euvd
Github Security Blog
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
14 Oct 202518:30
github
Kaspersky
KLA89275 SUI vulnerability in Microsoft Open Source Software
14 Oct 202500:00
kaspersky
Microsoft CVE
Playwright Spoofing Vulnerability
14 Oct 202514:00
mscve
NVD
CVE-2025-59288
14 Oct 202517:16
nvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(270369);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/05");

  script_cve_id("CVE-2025-59288");

  script_name(english:"Microsoft Playwright Node.js Package < 1.55.1 Spoofing (CVE-2025-59288)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Playwright Node.js Package installed on the remote host is affected by a spoofing vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of the Microsoft Playwright Node.js Package installed on the remote host is prior to 1.55.1. It is,
therefore, affected by a spoofing vulnerability:

  - Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over
    an adjacent network. (CVE-2025-59288)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9d6478ca");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Playwright Node.js Package version 1.55.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-59288");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:nodejs:node.js");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"asset_categories", value:"component");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nodejs_modules_win_installed.nbin", "nodejs_modules_linux_installed.nbin", "nodejs_modules_mac_installed.nbin");
  script_require_keys("Host/nodejs/modules/enumerated");

  exit(0);
}

include('vcf_extras_nodejs.inc');

var app = 'playwright';

var app_info = vcf_extras::nodejs_modules::get_app_info(app:app);

if (empty_or_null(app_info))
  audit(AUDIT_NOT_INST, 'playwright');

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  {'fixed_version':'1.55.1'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Jan 2026 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 3.15.3
EPSS0.00215
SSVC
6