Remote Code Execution Vulnerability in Eidos Personal Data Management Framework
CVE-2025-54374

8.8 HIGH

Key Information:

Vendor

Mayneyao

Status
Vendor
CVE Published:
3 October 2025

What is CVE-2025-54374?

Versions 0.21.0 and earlier of the Eidos Personal Data Management Framework contain a vulnerability that allows remote code execution through crafted URLs. An attacker can embed a malicious 'eidos:' URL link on a website. When a user clicks such a link, the browser invokes the app's URL handler, and the Eidos application executes the URL, potentially resulting in harmful actions on the victim's device. Currently, there is no fix available for this issue.

Affected Version(s)

eidos <= 0.21.0

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
