CVE-2025-29509

Published: May 9, 2025

Modified: May 12, 2025

PUBLISHED

Description

Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal().

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/Suuuuuzy/b8fa2fa083793c460e3686c182f8c4d1

https://drive.google.com/file/d/1qDztNtn2merSjYgPRLWFFXqlXM9tcrjD/view?usp=sharing

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-29509

Description

Affected Products

References