signalk-server

CVE-2025-68619

CVE-2025-68619 is a high-severity code injection vulnerability in signalk-server (npm), affecting versions < 2.9.0. It is fixed in 2.9.0.

Key facts

  • CVSS score: 7.2 (High)
  • Attack vector: Network
  • Issuing authority: GitHub Advisory Database
  • Affected package: signalk-server
  • Fixed in: 2.9.0
  • Disclosed: 2025

Summary

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers, including URLs. npm supports installing packages from git repositories, GitHub shorthand syntax, and HTTP/HTTPS URLs pointing to tarballs. When npm installs a package, it can automatically execute any postinstall script defined in package.json, enabling arbitrary code execution. The vulnerability exists because npm's version specifier syntax is extremely flexible and the SignalK code passes the version parameter directly to npm without sanitization. An attacker with admin access can install a package from an attacker-controlled source containing a malicious postinstall script.

Affected code

  • File: src/interfaces/appstore.js (lines 46-76)
  • File: src/modules.ts (lines 180-205)

Impact

An attacker with admin credentials (obtained via the authentication bypass chain) can execute arbitrary commands on the server with the privileges of the SignalK process. This enables complete system compromise, including data theft, backdoor installation, lateral movement, and denial of service. A compromised server can inject malicious PGN messages onto the NMEA 2000 bus or forge NMEA 0183 sentences, affecting all connected devices. Attack scenarios include manipulating autopilot systems (Pypilot, Raymarine, Garmin) via the Autopilot API to alter vessel course, spoofing AIS messages to create phantom vessels on radar, altering GPS position data sent to chart plotters and autopilots, injecting false depth sounder readings, manipulating wind instrument data, or sending shutdown commands to electronically controlled engines via NMEA 2000. Many vessels expose SignalK to the internet for remote monitoring, making them globally accessible to attackers.

Exploitation methods

The vulnerability can be exploited using any of npm's flexible version specifier formats:

  • Real npm package with required keyword: publishing a malicious package to the official npm registry with the signalk-node-server-plugin or signalk-webapp keyword allows an attacker to install arbitrary npm packages using the standard semantic versioning format (1.0.0). This is non-stealthy, as the package is publicly visible, but it can be leveraged to spread malware via npm's ecosystem, since such a package will show up on the webapp feed and other users might install it.
  • Real npm package via npm alias: the npm: prefix allows installing a package under a different name. For example, npm:[email protected] installs malicious-package but references it as if it were the legitimate signalk-pushover-plugin. This obscures the actual package being installed from casual inspection, making it stealthier while still requiring npm publishing.
  • Package hosted on GitHub (GitHub shorthand): the format username/repo (URL-encoded as attacker%2Fmalicious-plugin) is shorthand for github:username/repo. npm automatically fetches the repository from GitHub, extracts it, and runs npm install. If the repo contains a postinstall script, it executes. The repository must contain a valid package.json with the malicious script.
  • Package hosted on an attacker-controlled git server (git+ protocol): the git+https:// or git+ssh:// prefix tells npm to clone a git repository. This works with any git server, not just GitHub. The attacker has full control over the repository contents and can update it at any time. This provides maximum control over the package source without relying on third-party services.
  • Package hosted on an attacker webserver as a tarball: an http:// or https:// URL pointing to a .tgz file tells npm to download and extract the tarball. This is the most flexible method, as it requires no external service dependencies: the attacker controls both the package contents and the hosting infrastructure. No git repository or npm registry account is needed.

All methods result in npm executing the postinstall script from the attacker-controlled package. A malicious npm package requires only two files to achieve RCE:

  • package.json defines the package metadata and the malicious script; the postinstall script executes automatically after npm installs the package.
  • index.js is a minimal plugin implementation to avoid errors.

PoC using the tarball variant of the exploit

Recommendation

  • Restrict package installation to the official npm registry only, by validating that version parameters match semver format.
  • Use npm's --ignore-scripts flag to prevent automatic script execution.
  • Implement an allowlist of approved packages.
  • Consider sandboxing the package installation process.

While we understand that allowing third-party plugin installation is intended functionality, we believe that more secure practices must be applied to the whole process, given the operational importance a SignalK instance can have onboard a vessel and its rise in popularity.
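As an added example (not code from signalk-server or from the advisory), the Node.js snippet below applies the first two recommendations to an install request: the version parameter is URL-decoded and accepted only if it is a plain semver version or caret/tilde range, and the npm argv is built from separate tokens with --ignore-scripts. Function names and the sample specifiers are assumptions constructed for this example.

```javascript
// Added example, not signalk-server's own code. Names below are assumptions.
// Strict semver: MAJOR.MINOR.PATCH, optional -prerelease and +build metadata,
// optionally prefixed with ^ or ~ for a caret/tilde range.
const SEMVER_SPEC =
  /^[\^~]?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// True only for specifiers that must resolve against the npm registry.
// npm aliases (npm:), GitHub shorthand (user/repo, github:), git+ URLs,
// http(s) tarball URLs, local paths and dist-tags such as "latest" all fail.
function isRegistryVersionSpecifier(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 64) return false;
  let spec;
  try {
    // Validate the decoded value: the advisory notes that GitHub shorthand
    // arrives URL-encoded, e.g. attacker%2Fmalicious-plugin.
    spec = decodeURIComponent(raw);
  } catch {
    return false; // malformed percent-encoding
  }
  return SEMVER_SPEC.test(spec.trim());
}

// Builds argv for `npm` with the package name and version as separate tokens
// (never interpolated into a shell string). The name is assumed to have been
// checked against the registry already, as the vulnerable endpoint does.
// --ignore-scripts stops postinstall hooks even if a bad package slips through.
function buildInstallArgs(name, version) {
  if (!isRegistryVersionSpecifier(version)) {
    throw new Error(`rejected version specifier: ${version}`);
  }
  return ['install', '--ignore-scripts', '--save', `${name}@${decodeURIComponent(version).trim()}`];
}

// Constructed sample inputs covering the specifier classes named in the advisory.
const SAMPLE_SPECIFIERS = {
  '1.0.0': true,
  '^2.3.1': true,
  '1.0.0-beta.1': true,
  'npm:malicious-package@1.0.0': false,
  'attacker%2Fmalicious-plugin': false,
  'github:attacker/malicious-plugin': false,
  'git+https://example.invalid/attacker/malicious-plugin.git': false,
  'https://example.invalid/malicious-plugin-1.0.0.tgz': false,
  'latest': false,
};
```

Dist-tags such as latest are rejected by this strict policy; if they are needed, add them to an explicit allowlist rather than loosening the regex.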

Impact

What is code injection?

Untrusted input is evaluated as executable code within the application's runtime environment. Typical impact: arbitrary code execution within the application's privilege context.

Severity and exposure

CVE-2025-68619 has a CVSS score of 7.2 (High). The attack vector is Network, privileges required are High, and no user interaction is needed. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.

A fixed version is available (2.9.0). Upgrading removes the vulnerable code path.

Affected versions

npm

  • signalk-server (< 2.9.0)

Security releases

  • signalk-server → 2.9.0 (npm)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.

Kodem's Application Detection and Response identifies whether CVE-2025-68619 is reachable in your applications. Explore runtime application protection for your team.

Remediation advice

Upgrade signalk-server to 2.9.0 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently asked questions about CVE-2025-68619

What is CVE-2025-68619?

CVE-2025-68619 is a high-severity code injection vulnerability in signalk-server (npm), affecting versions < 2.9.0. It is fixed in 2.9.0. Untrusted input is evaluated as executable code within the application's runtime environment.

How severe is CVE-2025-68619?

CVE-2025-68619 has a CVSS score of 7.2 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.

Which versions of signalk-server are affected by CVE-2025-68619?

signalk-server (npm) versions < 2.9.0 are affected.

Is there a fix for CVE-2025-68619?

Yes. CVE-2025-68619 is fixed in 2.9.0. Upgrade to this version or later.

Is CVE-2025-68619 exploitable, and should I be worried?

Whether CVE-2025-68619 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.

What actually determines whether CVE-2025-68619 is exploitable, and how bad it is?

Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.

How do I fix CVE-2025-68619?

Upgrade signalk-server to 2.9.0 or later.