Description

Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app's custom URL handler (eidos:), causing the Eidos application to launch and process the URL, leading to remote code execution on the victim's machine. This issue does not have a fix as of October 3, 2025.

INFO

Published Date: 2025-10-03T20:00:25.946Z
Last Modified: 2025-10-03T20:45:49.500Z
Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-54374 vulnerability.

Vendor      Products
Eidos       Eidos
Mayneyao    Eidos