PT-2026-38438 · Npm · Node-Ts-Ocr

Published: 2026-05-07 · Updated: 2026-05-07 · CVE-2025-63705

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

node-ts-ocr version 1.0.15

Description

The NPM package contains a flaw allowing OS Command Injection, which occurs when an application executes arbitrary operating system commands due to insufficient input validation. This issue is located within the invokeImageOcr() function in the src/index.js file.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the invokeImageOcr() function to minimize the risk of exploitation.
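
One way to restrict what reaches invokeImageOcr() while no fixed version is available, as an added example that is not code from node-ts-ocr or from this advisory. It assumes the value passed on is a user-influenced image path; checkOcrPath, ALLOWED_EXT, SAFE_CHARS and the upload directory are hypothetical names.

```javascript
// Added example, not node-ts-ocr code. All names below are hypothetical.

// Image types the application expects to OCR (assumption; adjust to your inputs).
const ALLOWED_EXT = new Set(['png', 'jpg', 'jpeg', 'tif', 'tiff', 'bmp']);
// Character allowlist: everything a shell treats specially (spaces, separators,
// quotes, substitutions, globs, newlines) is simply absent from this set.
const SAFE_CHARS = /^[A-Za-z0-9._\/-]+$/;

// Returns { ok: true, path } for an acceptable relative path under baseDir,
// or { ok: false, reason } so the caller can log and reject the request.
function checkOcrPath(candidate, baseDir) {
  if (typeof candidate !== 'string' || candidate.length === 0 || candidate.length > 255) {
    return { ok: false, reason: 'length-or-type' };
  }
  if (!SAFE_CHARS.test(candidate)) {
    return { ok: false, reason: 'character-not-allowlisted' };
  }
  const segments = candidate.split('/');
  for (const seg of segments) {
    // '' covers absolute paths and '//'; '.' and '..' cover traversal out of baseDir.
    if (seg === '' || seg === '.' || seg === '..') {
      return { ok: false, reason: 'path-segment' };
    }
    // A leading '-' could be read as an option by whatever binary receives the name.
    if (seg.startsWith('-')) {
      return { ok: false, reason: 'leading-dash' };
    }
  }
  const file = segments[segments.length - 1];
  const dot = file.lastIndexOf('.');
  const ext = dot > 0 ? file.slice(dot + 1).toLowerCase() : '';
  if (!ALLOWED_EXT.has(ext)) {
    return { ok: false, reason: 'extension' };
  }
  return { ok: true, path: baseDir.replace(/\/+$/, '') + '/' + candidate };
}

// Constructed sample inputs, checked against a constructed upload directory.
function demo() {
  const inputs = ['scans/page_001.png', 'page 1.png', 'a.png;id', '../x.png', '-l.tif', 'notes.txt'];
  return inputs.map((p) => checkOcrPath(p, '/srv/ocr-uploads/'));
}
```

Only a path returned with ok: true would be handed to the OCR call; rejected inputs are worth logging with their reason, since they indicate malformed or hostile requests.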

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-63705
GHSA-8JH2-3MW6-6PFM

Affected Products

Node-Ts-Ocr