Code Injection Vulnerability in Tabby Terminal Emulator by Eugeny
CVE-2025-22136
Currently unrated
What is CVE-2025-22136?
Tabby, a customizable terminal emulator, shipped with several high-risk Electron Fuses enabled in versions before 1.0.217. These fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable, could lead to code injection. Although Tabby is designed with a hardened runtime and does not expose dangerous entitlements, the presence of these fuses creates multiple vectors for malicious code injection. Users are strongly urged to upgrade to version 1.0.217 or later to mitigate this risk.
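One way to check a build for the three fuses named above, as an added example that is not code from Tabby or from this advisory. It assumes the V1 fuse wire layout used by the `@electron/fuses` package (sentinel string, version byte, length byte, one state byte per fuse); `auditFuses`, `sampleImage` and the sample buffers are hypothetical names with constructed data.

```javascript
// Audit an Electron binary image for the fuses named in the advisory.
// Assumption: V1 fuse wire layout as used by @electron/fuses
// (sentinel, version byte, length byte, then one state byte per fuse).
const SENTINEL = 'dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX';
const STATE = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed', 0x90: 'inherit' };
// Wire index of each fuse named in the advisory.
const RISKY_FUSES = {
  RunAsNode: 0,
  EnableNodeOptionsEnvironmentVariable: 2,
  EnableNodeCliInspectArguments: 3,
};

// Returns one report per fuse wire found (a universal macOS binary carries one per architecture).
function auditFuses(image) {
  const reports = [];
  let at = image.indexOf(SENTINEL);
  while (at !== -1) {
    const wire = at + SENTINEL.length;
    if (wire + 2 > image.length) break; // truncated image: no version/length bytes
    const version = image[wire];
    const length = image[wire + 1];
    const fuses = {};
    for (const [name, index] of Object.entries(RISKY_FUSES)) {
      const inRange = index < length && wire + 2 + index < image.length;
      fuses[name] = inRange ? (STATE[image[wire + 2 + index]] || 'unknown') : 'absent';
    }
    const enabled = Object.keys(fuses).filter((n) => fuses[n] === 'enabled');
    reports.push({ offset: at, version, fuses, enabled });
    at = image.indexOf(SENTINEL, wire); // continue after this sentinel
  }
  return reports;
}

// Constructed sample images (not real Tabby binaries): padding + sentinel + wire.
function sampleImage(states) {
  return Buffer.concat([
    Buffer.alloc(16, 0xcc),
    Buffer.from(SENTINEL, 'latin1'),
    Buffer.from([1, states.length]),
    Buffer.from(states, 'latin1'),
    Buffer.alloc(8, 0xcc),
  ]);
}
const permissive = sampleImage('10110000'); // the three advisory fuses enabled
const hardened = sampleImage('01000110');   // the three advisory fuses disabled

for (const [label, img] of [['permissive', permissive], ['hardened', hardened]]) {
  for (const r of auditFuses(img)) console.log(label, r.enabled.length ? r.enabled : 'ok');
}
```

To audit an installed build, pass the bytes of the Electron binary that carries the fuse wire, for example `auditFuses(fs.readFileSync(path))`; an `absent` result means the wire is too short to carry that fuse, so it cannot be confirmed disabled.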