CVE-2025-27554

Published Mar 1, 2025

Last updated 3 months ago

Overview

Description
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
Source: cve@mitre.org
NVD status: Received
CNA Tags: exclusively-hosted-service

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org: CWE-94

Social media

Hype score: Not currently trending
  1. #Vulnerability #CVE202527554 CVE-2025-27554 (CVSS 9.9): Critical Flaw Found in ToDesktop Electron App Bundler https://t.co/7DF5gj3TyD

    @Komodosec

    8 Apr 2025


  2. 🚨 CVE-2025-27554 ⚠️🔴 CRITICAL (9.9) 🏢 ToDesktop - ToDesktop 🏗️ 0 🔗 https://t.co/bL5dwGoLfL 🔗 https://t.co/bVUl9BaSPs 🔗 https://t.co/yVFlNYaDnz #CyberCron #VulnAlert #InfoSec https://t.co/F1B8oNvyYo

    @cybercronai

    2 Mar 2025


  3. ⚠️ Vulnerability Alert: ToDesktop Electron App Bundler Critical Flaw 📅 Timeline: Disclosure: 2024-10-02, Patch: 2024-10-03 📌 Attribution: T/A xyz3va 🆔cveId: CVE-2025-27554 📊baseScore: 9.9 📏cvssMetrics: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvssSeverity: Critical 🔴… https:

    @syedaquib77

    2 Mar 2025


  4. CVE-2025-27554 ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.… https://t.co/j3ID8iKYTi

    @CVEnew

    1 Mar 2025


  5. [CVE-2025-27554: CRITICAL] Critical security vulnerability discovered in ToDesktop application before 2024-10-03 allows remote attackers to execute arbitrary commands. Update immediately to prevent potential atta...#cybersecurity,#vulnerability https://t.co/IA5GCncjql https://t.c

    @CveFindCom

    1 Mar 2025
