VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-z93p-zdev-h3ck

Essentials
Severities (33)
References (15)
Severity details (32)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-z93p-zdev-h3ck
Aliases	CVE-2025-55305 GHSA-vmqv-hx8q-j7mg
Summary	electron: ASAR Integrity Bypass via resource modification
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-494	Download of Code Without Integrity Check
CWE-829	Inclusion of Functionality from Untrusted Control Sphere
CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-55305
cvssv3.1	6.1	https://github.com/electron/electron
generic_textual	MODERATE	https://github.com/electron/electron
cvssv3.1	6.1	https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
generic_textual	MODERATE	https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
ssvc	Track	https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
cvssv3.1	6.1	https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
generic_textual	MODERATE	https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
ssvc	Track	https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
cvssv3.1	6.1	https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
generic_textual	MODERATE	https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
ssvc	Track	https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
cvssv3.1	6.1	https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
generic_textual	MODERATE	https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
ssvc	Track	https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
cvssv3.1	6.1	https://github.com/electron/electron/pull/48101
generic_textual	MODERATE	https://github.com/electron/electron/pull/48101
ssvc	Track	https://github.com/electron/electron/pull/48101
cvssv3.1	6.1	https://github.com/electron/electron/pull/48102
generic_textual	MODERATE	https://github.com/electron/electron/pull/48102
ssvc	Track	https://github.com/electron/electron/pull/48102
cvssv3.1	6.1	https://github.com/electron/electron/pull/48103
generic_textual	MODERATE	https://github.com/electron/electron/pull/48103
ssvc	Track	https://github.com/electron/electron/pull/48103
cvssv3.1	6.1	https://github.com/electron/electron/pull/48104
generic_textual	MODERATE	https://github.com/electron/electron/pull/48104
ssvc	Track	https://github.com/electron/electron/pull/48104
cvssv3.1	6.1	https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
generic_textual	MODERATE	https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
ssvc	Track	https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2025-55305
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-55305

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-55305
		https://github.com/electron/electron
		https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
		https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
		https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
		https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
		https://github.com/electron/electron/pull/48101
		https://github.com/electron/electron/pull/48102
		https://github.com/electron/electron/pull/48103
		https://github.com/electron/electron/pull/48104
		https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
		https://nvd.nist.gov/vuln/detail/CVE-2025-55305
2393398		https://bugzilla.redhat.com/show_bug.cgi?id=2393398
GHSA-vmqv-hx8q-j7mg		https://github.com/advisories/GHSA-vmqv-hx8q-j7mg

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48101

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48101

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48102

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48102

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48103

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48104

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48104

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-55305

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.0079
EPSS Score	8e-05
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:50:00.654803+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json	38.6.0