What is the severity of CVE-2025-8022?

CVE-2025-8022 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-8022?

No known public exploits are currently available for CVE-2025-8022.

Is there a patch available for CVE-2025-8022?

No official patches have been released yet for CVE-2025-8022. Consider implementing workarounds or mitigations.

CVE-2025-8022 - CVE Details, Severity, and Analysis

Published: January 30, 2026

Last updated:1 day ago (January 30, 2026)

Updated January 30, 2026

Strobes VI. (2026). CVE-2025-8022 - CVE Details and Analysis. Strobes VI. Retrieved February 1, 2026, from https://vi.strobes.co/cve/CVE-2025-8022

Rejected reason: Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with the $ function. Each ${…} interpolation is treated as a single argument. The security responsibility for this usage pattern lies with the calling application, which must ensure the sanitization and validation of any untrusted arguments before passing them to the executed commands. Therefore, the potential for command injection is not a flaw within Bun itself; rather, it is an argument injection that is contingent on its implementation by the consuming application.

NVD: Rejected reason: Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with the $ function. Each ${…} interpolation is treated as a single argument. The security responsibility for this usage pattern lies with the calling application, which must ensure the sanitization and validation of any untrusted arguments before passing them to the executed commands. Therefore, the potential for command injection is not a flaw within Bun itself; rather, it is an argument injection that is contingent on its implementation by the consuming application.