CVE-2025-51387

{"id": "CVE-2025-51387", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-04T21:15:30.530", "references": [{"url": "https://github.com/r3ggi/electroniz3r", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://packetstorm.news/files/id/207677", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.electronjs.org/blog/statement-run-as-node-cves#mitigation", "tags": ["Mitigation"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution."}, {"lang": "es", "value": "GitKraken Desktop 10.8.0 y 11.1.0 es susceptible a la inyecci\u00f3n de c\u00f3digo debido a fusibles Electron mal configurados. En concreto, se observaron las siguientes configuraciones inseguras: RunAsNode est\u00e1 habilitado y EnableNodeCliInspectArguments no est\u00e1 deshabilitado. Estas configuraciones permiten que la aplicaci\u00f3n se ejecute en modo Node.js, lo que permite a los atacantes pasar argumentos que resultan en la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2025-10-09T17:31:44.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axosoft:gitkraken_desktop:10.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2835CFA-6EA1-4222-8593-D13ECC996D09"}, {"criteria": "cpe:2.3:a:axosoft:gitkraken_desktop:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77787CA3-C8A5-44CD-9366-79A05EF53E82"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}