CNNVD-202507-3045 Information

CNNVD ID

CNNVD-202507-3045

Related CVE

CVE-2025-44109

• CNNVD Published: 2025-07-23

Description (Chinese)

Pinokio Desktop是Pinokio公司的一款本地AI应用自动化工具。 Pinokio Desktop v3.6.23版本存在安全漏洞，该漏洞源于URL重定向功能，可能导致用户被重定向到恶意页面。

Description (English)

Pinokio Desktop is a local AI application automation tool for Pinokio. There is a security loophole in version Pinokio Desktop v3.6.23, which is derived from the URL re-direction function and may lead to the re-direction of the user to the malicious page.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Pinokio

Published

2025-07-23

Last Modified

2026-02-24

References

https://gist.github.com/Suuuuuzy/609c7b2e74a8cc16c8e0302a100b86e0 https://drive.google.com/file/d/12XY2WFBvGJ104gUvyG6YDIEdy4y1gl8i/view https://suuuuuzy.github.io/mostly-harmless/pinokio_poc/index.html https://access.redhat.com/security/cve/cve-2025-44109

Patch

https://pinokio.co/docs/#/?id=install