Vulnerabilities

CVE-2025-27554

by Fred · 01/03/2025

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.

Assigner : [email protected]

More information : https://kibty.town/blog/todesktop

Similar

Tags: Cybersecurity Alert