Upstream information
Description
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, an ASAR integrity bypass is possible via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CNA (GitHub) | |
---|---|
Base Score | 6.1 |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | Required |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | High |
Availability Impact | Low |
CVSSv3 Version | 3.1 |
SUSE Timeline for this CVE
CVE page created: Fri Sep 5 10:01:23 2025
CVE page last modified: Fri Sep 5 14:30:39 2025