CNNVD-202509-422 Information
CNNVD ID
CNNVD-202509-422
Related CVE
-
CNNVD Published: 2025-09-04
Description
Electron is an open-source JavaScript framework from Electron for writing cross-platform desktop applications. The framework is based on nodejs and Chromium and lets developers build cross-platform desktop applications using HTML and CSS. Electron contains a security vulnerability that stems from resource modification leading to an ASAR integrity bypass. The following versions are affected: versions before 35.7.5, 36.0.0-alpha.1 to 36.8.0, 37.0.0-alpha.1 to 37.3.1, and 38.0.0-alpha.1 to 38.0.0-beta.6.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Electron
Published
2025-09-04
Last Modified
2026-02-24
References
https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
https://github.com/electron/electron/pull/48101
https://github.com/electron/electron/pull/48102
https://github.com/electron/electron/pull/48103
https://github.com/electron/electron/pull/48104
https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
Patch
https://github.com/electron/electron/releases