- Description: ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
- Source: cve@mitre.org
- NVD status: Received
- CNA Tags: exclusively-hosted-service
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org
- CWE-94
🚨 CVE-2025-27554 ⚠️🔴 CRITICAL (9.9) 🏢 ToDesktop - ToDesktop 🏗️ 0 🔗 https://t.co/bL5dwGoLfL 🔗 https://t.co/bVUl9BaSPs 🔗 https://t.co/yVFlNYaDnz #CyberCron #VulnAlert #InfoSec https://t.co/F1B8oNvyYo
@cybercronai
2 Mar 2025
⚠️ Vulnerability Alert: ToDesktop Electron App Bundler Critical Flaw 📅 Timeline: Disclosure: 2024-10-02, Patch: 2024-10-03 📌 Attribution: T/A xyz3va 🆔cveId: CVE-2025-27554 📊baseScore: 9.9 📏cvssMetrics: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvssSeverity: Critical 🔴… https:
@syedaquib77
2 Mar 2025
CVE-2025-27554 ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.… https://t.co/j3ID8iKYTi
@CVEnew
1 Mar 2025
[CVE-2025-27554: CRITICAL] Critical security vulnerability discovered in ToDesktop application before 2024-10-03 allows remote attackers to execute arbitrary commands. Update immediately to prevent potential atta...#cybersecurity,#vulnerability https://t.co/IA5GCncjql https://t.c
@CveFindCom
1 Mar 2025