Platform: other
Component: eidos
Fixed in: 0.21.1
CVE-2025-54374 describes a critical Remote Code Execution (RCE) vulnerability discovered in the Eidos Personal Data Management Framework. An attacker can exploit this flaw by embedding a malicious 'eidos:' URL, leading to arbitrary code execution on a victim's system. This vulnerability impacts versions of Eidos up to and including 0.21.0, and a fix is available in version 0.21.1.
The impact of CVE-2025-54374 is severe. An attacker can leverage this vulnerability to execute arbitrary code on a victim's machine simply by enticing them to click a specially crafted URL. This could lead to complete system compromise, including data theft, malware installation, and further lateral movement within a network. The ease of exploitation, requiring only a clickable link, significantly broadens the potential attack surface. This vulnerability shares similarities with other URL scheme handler vulnerabilities where improper validation allows for malicious code injection.
CVE-2025-54374 was publicly disclosed on October 3, 2025. There is no indication of this vulnerability being actively exploited at this time. The EPSS score is pending evaluation. No public proof-of-concept (PoC) code has been released as of the publication date, but the simplicity of the attack vector suggests that a PoC is likely to emerge.
Users of Eidos Personal Data Management Framework, particularly those using versions 0.21.0 or earlier, are at significant risk. This includes individuals and organizations who rely on Eidos for personal data management and those who frequently interact with external websites or links.
Disclosure
Exploit status
EPSS: 0.23% (46th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54374 is to upgrade to Eidos version 0.21.1 or later, which contains the fix. If upgrading immediately is not feasible, consider restricting the handling of 'eidos:' URLs within your environment. This could involve blocking these URLs at the firewall or proxy level, or implementing stricter URL validation policies within your applications. Unfortunately, due to the lack of a patch prior to 0.21.1, there are no configuration workarounds. After upgrading, confirm the vulnerability is resolved by attempting to trigger the 'eidos:' URL handler with a benign test URL.
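As an added example (not part of the original advisory or of the Eidos project), the following Python helper supports two of the steps above: it checks whether an installed Eidos version falls in the affected range (up to and including 0.21.0), and it flags 'eidos:' links in HTML content, normalising each URL the way browsers do before scheme parsing so that leading whitespace or embedded tabs and newlines do not slip past a naive prefix check. The version-parsing and link-collection helpers are assumptions of this example, not Eidos APIs.

```python
import re
from html.parser import HTMLParser

# Per the advisory: versions <= 0.21.0 are affected, 0.21.1 carries the fix.
FIXED_VERSION = (0, 21, 1)
BLOCKED_SCHEMES = {"eidos"}

def parse_version(v):
    """Turn '0.21.0' into (0, 21, 0); non-numeric parts (e.g. '1-rc') become 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def is_affected(version):
    """True when the installed Eidos version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION

# Browsers strip leading/trailing C0 controls and spaces and drop embedded
# tab/CR/LF before parsing a URL, so normalise the same way before checking.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.IGNORECASE)

def url_scheme(url):
    """Return the lower-cased scheme of a URL after browser-style cleanup, or None."""
    cleaned = url.strip(_C0_AND_SPACE)
    cleaned = cleaned.replace("\t", "").replace("\n", "").replace("\r", "")
    m = _SCHEME_RE.match(cleaned)
    return m.group(1).lower() if m else None

def is_blocked(url):
    """Policy check: reject any URL whose scheme is on the block list."""
    return url_scheme(url) in BLOCKED_SCHEMES

class _LinkCollector(HTMLParser):
    """Collects URL-bearing attribute values from an HTML document (assumed helper)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action", "formaction") and value is not None:
                self.urls.append(value)

def find_blocked_links(html):
    """Return the raw attribute values in `html` that resolve to a blocked scheme."""
    collector = _LinkCollector()
    collector.feed(html)
    return [u for u in collector.urls if is_blocked(u)]
```

The raw attribute values are returned unmodified so that a log entry or proxy rule can quote exactly what was seen.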
No fix is available as of October 3, 2025. It is recommended not to use affected versions of Eidos (0.21.0 and earlier) until an update that corrects the vulnerability is published. Watch the vendor's security advisories for further information.
CVE-2025-54374 is a Remote Code Execution vulnerability in Eidos Personal Data Management Framework versions up to 0.21.0. A malicious URL can trigger code execution on a victim's machine.
Yes, if you are using Eidos Personal Data Management Framework version 0.21.0 or earlier, you are vulnerable to this RCE.
Upgrade to Eidos version 0.21.1 or later to remediate the vulnerability. If immediate upgrade is not possible, restrict handling of 'eidos:' URLs.
There is currently no evidence of active exploitation, but the ease of exploitation suggests potential for future attacks.
Refer to the Eidos project's official website or security advisories for the latest information and updates regarding CVE-2025-54374.