
Cloud Vulnerability DB
A community-led vulnerabilities database
Deno, a JavaScript, TypeScript, and WebAssembly runtime, was found to contain a high-severity command injection vulnerability (CVE-2025-61787) affecting versions prior to 2.5.3 and 2.2.15. The vulnerability specifically impacts Windows systems when batch files are executed, allowing potential command injection attacks (NVD, Security Online).
The vulnerability stems from Windows' CreateProcess() API behavior, which implicitly spawns cmd.exe when executing batch files (.bat, .cmd), even if not explicitly specified in the command line. The vulnerability has been assigned a CVSS score of 8.1 (High) with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high potential impact on confidentiality, integrity, and availability (GitHub Advisory).
When exploited, the vulnerability allows attackers to perform command injection attacks on Windows systems when batch files are executed. This could lead to unauthorized command execution outside the intended execution context, potentially compromising system security (Security Online).
The vulnerability has been patched in Deno versions 2.5.3 and 2.2.15. Users are strongly advised to upgrade to these patched versions to prevent potential command injection attacks. The fix involves rejecting direct execution of .bat and .cmd files on Windows systems (GitHub Commit).
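A pre-spawn check built on the fix described above, as an added example rather than Deno's own patch: it flags batch-file targets on Windows and reports whether the running version is one of the patched releases. The function names, the verdict strings, the trailing dot/space handling and the reading of 2.2.15 as the fix for the 2.2.x line only are assumptions of this example.

```javascript
// Added example, not Deno's patch. Pure functions, so they run in any JS runtime.
// In Deno: auditSpawn(program, Deno.build.os, Deno.version.deno)
const BATCH_EXTENSIONS = [".bat", ".cmd"];

// True when `program` names a batch file. Win32 path normalisation drops
// trailing dots and spaces, so "job.bat. " still resolves to job.bat.
function isBatchTarget(program) {
  const base = String(program).split(/[\\/]/).pop();
  const name = base.replace(/[. ]+$/, "").toLowerCase();
  return BATCH_EXTENSIONS.some((ext) => name.endsWith(ext));
}

// True when `version` is at or above a fixed release named on the page
// (2.2.15 or 2.5.3). Assumption: 2.2.15 fixes only the 2.2.x line.
function isPatched(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable Deno version: ${version}`);
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major !== 2) return major > 2;
  if (minor === 2) return patch >= 15;
  if (minor === 5) return patch >= 3;
  return minor > 5;
}

// Verdict for one spawn request:
//   "allow"               not Windows, or not a batch file
//   "rejected-by-runtime" patched Deno refuses to run the batch file directly
//   "block"               unpatched Deno on Windows: the caller must refuse
function auditSpawn(program, os, denoVersion) {
  if (os !== "windows" || !isBatchTarget(program)) return "allow";
  return isPatched(denoVersion) ? "rejected-by-runtime" : "block";
}

// Constructed sample requests (not taken from any real system).
const samples = [
  ["C:\\tools\\Run.CMD", "windows", "2.4.1"],
  ["scripts/job.bat. ", "windows", "2.2.14"],
  ["build.bat", "windows", "2.5.3"],
  ["build.bat", "linux", "2.4.1"],
  ["C:\\Windows\\System32\\whoami.exe", "windows", "2.4.1"],
];
for (const [program, os, version] of samples) {
  console.log(`${auditSpawn(program, os, version)}\t${os}\t${version}\t${program}`);
}
```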
Source: This report was generated using AI