CVE-2025-44109
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pinokio | pinokio_desktop | 3.9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-44109 is a remote code execution vulnerability in Pinokio Desktop (an Electron-based app). It occurs because the app handles custom URLs (starting with pinokio://) that trigger internal HTTP redirects based on user-controlled parameters. Attackers can craft URLs that exploit path traversal to access and execute arbitrary JavaScript files on the victim's machine. When a user visits a malicious webpage and confirms opening Pinokio via such a URL, the app loads and runs attacker-controlled scripts, leading to remote code execution. [1]
How can this vulnerability impact me?
This vulnerability can lead to remote code execution on your machine with the privileges of the Pinokio Desktop app. An attacker can trick you into opening a malicious URL that causes Pinokio to execute arbitrary JavaScript code, potentially allowing the attacker to run any commands or software on your system, compromising your data and system integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring for the use of the custom URL scheme 'pinokio://' which triggers the vulnerable behavior. On the system, you can look for processes or logs indicating that Pinokio is being opened via such URLs. Network detection might be limited since the attack requires user interaction with a malicious webpage. Commands to detect suspicious activity could include searching browser history or logs for 'pinokio://' URLs, and monitoring local server requests to the '/pinokio' route with unusual 'uri' parameters. For example, on macOS or Linux, you might use: 1) grep browser history files for 'pinokio://' URLs; 2) monitor local server logs for requests to '/pinokio' with suspicious query parameters; 3) use process monitoring tools to detect when Pinokio is launched unexpectedly. Specific commands depend on your environment and logging setup. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Avoid opening or confirming prompts to open 'pinokio://' URLs from untrusted or unknown webpages; 2) Update Pinokio Desktop to a version patched against this vulnerability once available; 3) Restrict or monitor the execution of JavaScript files in the Pinokio directories, especially those downloaded from the internet; 4) Implement or enable path sanitization and validation if you manage the application or can configure it; 5) Educate users about the risks of confirming prompts triggered by custom URL schemes from untrusted sources. [1]