CVE-2025-67230
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-29
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| todesktop | builder | to 0.33.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper permissions flaw in the Custom URL Scheme handler of ToDesktop Builder versions before 0.33.0. It allows attackers who have access to the renderer contextβpossibly through another vulnerability or malicious contentβto invoke external protocol handlers without proper validation or permission checks. This means an attacker could trigger actions like opening arbitrary URLs in the user's browser or other external applications without authorization. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with low privileges and network access, combined with active user interaction, to perform unauthorized actions such as opening arbitrary URLs or launching external applications on your system. This could lead to further attacks, phishing, or exposure to malicious content, compromising confidentiality, integrity, and availability of your system. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update ToDesktop Builder to version 0.33.0 or later. After updating, rebuild your applications and release new app versions. If you have automatic security updates disabled, enable them or apply the update manually to ensure protection against this issue. [1]