Description

Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal().

INFO

Published Date :

2025-05-09T00:00:00.000Z

Last Modified :

2025-05-12T15:03:02.039Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29509 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29509.

URL Resource
https://drive.google.com/file/d/1qDztNtn2merSjYgPRLWFFXqlXM9tcrjD/view?usp=sharing cve-icon cve-icon
https://gist.github.com/Suuuuuzy/b8fa2fa083793c460e3686c182f8c4d1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact