CVE-2025-67230

Sažetak

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.

Reference

https://www.todesktop.com/changelog
https://www.todesktop.com/security/advisories/TDSA-2025-002

CVSS

Base:	7.1
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

29-01-2026 - 18:43

Objavljeno

23-01-2026 - 17:16