6 matches found
CVE-2025-27554
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...
CVE-2025-27554
creationtimestamp| type| source ---|---|--- 2025-03-01 06:27:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6052 2025-03-01 07:48:16+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114086071203267834 2025-03-01 08:00:33+00:00|...
CVE-2025-27554
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...
CVE-2025-27554
CVE-2025-27554 affects ToDesktop builds prior to 2024-10-03 where a postinstall script in package.json can be abused to execute arbitrary commands on the build server (e.g., reading secrets from the desktopify config.prod.json) and deploy updates to any app. Multiple sources note no exploitation ...
CVE-2025-27554
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...
CVE-2025-27554
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...