Remote Command Execution Vulnerability in ToDesktop Software
CVE-2025-27554

9.9 CRITICAL

Key Information:

Vendor: Todesktop
Status
Todesktop
Vendor
CVE Published: 1 March 2025

Summary

ToDesktop versions prior to October 3, 2024, including the Cursor application, contain a vulnerability that permits remote attackers to execute arbitrary commands on the build server. This flaw could lead to the unauthorized reading of sensitive configuration files, enabling attackers to deploy updates to applications without permission. Such a weakness highlights the importance of securing build environments and implementing effective patch management strategies.

Affected Version(s)

ToDesktop 0 < 2024-10-03

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
