CVE-2025-51387CRITICAL 9.8EPSS p40.1%

CVE-2025-51387CVE-2025-51387

Description

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.52% probability of exploitation · percentile 40.1% · 2026-06-19T12:03:05Z
Published2025-08-04
Last modified2025-10-09

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/r3ggi/electroniz3r
  2. https://packetstorm.news/files/id/207677
  3. https://www.electronjs.org/blog/statement-run-as-node-cves#mitigation

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-12556
CVE
CVE-2025-55037
CVE
CVE-2026-34775
CVE
CVE-2026-29610
CVE
CVE-2025-1302
CVE
CVE-2026-32052
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.