All intelligence
// vulnerability record
live · NVDCVE-2024-57061
CRITICALpublished 2025-03-19 19:15 UTC · 1 year ago · modified 2026-06-17 08:13 UTC
9.8
CVSS / 10
// description
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
// weaknesses (CWE)
- CWE-94
// references (4)
- https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection
- https://sha999.medium.com/cve-2024-57061-termius-insufficient-electron-fuses-configuration-limited-disclosure-ab00d0970159
- https://www.electron.build/tutorials/adding-electron-fuses.html
- https://sha999.medium.com/cve-2024-57061-termius-insufficient-electron-fuses-configuration-limited-disclosure-ab00d0970159