Vulnerability details: VCID-cruc-ypd8-8yf3
Vulnerability ID VCID-cruc-ypd8-8yf3
Aliases CVE-2025-55305
GHSA-vmqv-hx8q-j7mg
Summary Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6 are affected by an ASAR integrity bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (2)
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2025-55305
epss 5e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-55305
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
cvssv3.1 6.1 https://github.com/electron/electron
generic_textual MODERATE https://github.com/electron/electron
cvssv3.1 6.1 https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
generic_textual MODERATE https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
ssvc Track https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
cvssv3.1 6.1 https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
generic_textual MODERATE https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
ssvc Track https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
cvssv3.1 6.1 https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
generic_textual MODERATE https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
ssvc Track https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
cvssv3.1 6.1 https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
generic_textual MODERATE https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
ssvc Track https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
cvssv3.1 6.1 https://github.com/electron/electron/pull/48101
generic_textual MODERATE https://github.com/electron/electron/pull/48101
ssvc Track https://github.com/electron/electron/pull/48101
cvssv3.1 6.1 https://github.com/electron/electron/pull/48102
generic_textual MODERATE https://github.com/electron/electron/pull/48102
ssvc Track https://github.com/electron/electron/pull/48102
cvssv3.1 6.1 https://github.com/electron/electron/pull/48103
generic_textual MODERATE https://github.com/electron/electron/pull/48103
ssvc Track https://github.com/electron/electron/pull/48103
cvssv3.1 6.1 https://github.com/electron/electron/pull/48104
generic_textual MODERATE https://github.com/electron/electron/pull/48104
ssvc Track https://github.com/electron/electron/pull/48104
cvssv3.1 6.1 https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
cvssv3.1_qr MODERATE https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
generic_textual MODERATE https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
ssvc Track https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2025-55305
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-55305
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48101
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48101
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48102
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48102
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48103
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48103
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/pull/48104
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/pull/48104
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/ Found at https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-55305
Exploit Prediction Scoring System (EPSS)
Percentile 0.01487
EPSS Score 0.00013
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-09-09T16:38:00.560356+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/55xxx/CVE-2025-55305.json 37.0.0