← voltar
CVE-2025-22136

Tabby has a TCC Bypass via Misconfigured Node Fuses

CVSS 8.6 HIGHEPSS 0.4%CWE-94
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Eugeny · tabby

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Eugeny/tabby/commit/93513541f7161fa8a59491603cabb6a101c0c08ehttps://github.com/Eugeny/tabby/security/advisories/GHSA-prcj-7rvc-26h4