Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-55305

Published Unknown
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-55305. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
0.0
/10
Not Available
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
Not Available
Attack Complexity
Not Available
Privileges Required
Not Available
User Interaction
Not Available
Scope
Not Available

Impact Metrics

Confidentiality
Not Available
Integrity
Not Available
Availability
Not Available

Description

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Malicious code in bioql (PyPI)

Affected Products (ENISA)

electron
electron

ENISA Scoring

CVSS Score (3.1)

6.1
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

ENISA References

https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
https://github.com/electron/electron/pull/48101
https://github.com/electron/electron/pull/48102
https://github.com/electron/electron/pull/48103
https://github.com/electron/electron/pull/48104
https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee

Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Electron has ASAR Integrity Bypass via resource modification

GHSA-vmqv-hx8q-j7mg

Advisory Details

### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [[email protected]](mailto:[email protected])

Affected Packages

npm electron
ECOSYSTEM: ≥0 <35.7.5
npm electron
ECOSYSTEM: ≥36.0.0-alpha.1 <36.8.1
npm electron
ECOSYSTEM: ≥37.0.0-alpha.1 <37.3.1
npm electron
ECOSYSTEM: ≥38.0.0-alpha.1 <38.0.0-beta.6

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

References

WEB https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-55305
WEB https://github.com/electron/electron/pull/48101
WEB https://github.com/electron/electron/pull/48102
WEB https://github.com/electron/electron/pull/48103
WEB https://github.com/electron/electron/pull/48104
WEB https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
WEB https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
WEB https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
WEB https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
PACKAGE https://github.com/electron/electron

Advisory provided by GitHub Security Advisory Database. Published: September 3, 2025, Modified: September 5, 2025

Published: Unknown
Last Modified: Unknown
Copied to clipboard!