exploitDog

CVE-2025-51387

Опубликовано: 04 авг. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

Ссылки

https://github.com/r3ggi/electroniz3r
Not Applicable
https://packetstorm.news/files/id/207677
Broken Link
https://www.electronjs.org/blog/statement-run-as-node-cves#mitigation
Mitigation

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:axosoft:gitkraken_desktop:10.8.0:*:*:*:*:*:*:*

cpe:2.3:a:axosoft:gitkraken_desktop:11.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00084

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-76r6-cmf5-5xf4

CVSS3: 9.8

github

6 месяцев назад

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

EPSS

Процентиль: 24%

0.00084

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94