Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-32374 | Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (eidos:), causing the Eidos application to launch and process the URL, leading to remote code execution on the victim’s machine. This issue does not have a fix as of October 3, 2025 |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 24 Oct 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mayneyao eidos
|
|
| CPEs | cpe:2.3:a:mayneyao:eidos:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Mayneyao edios
|
Mayneyao eidos
|
Fri, 10 Oct 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mayneyao
Mayneyao edios |
|
| CPEs | cpe:2.3:a:mayneyao:edios:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Mayneyao
Mayneyao edios |
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Eidos
Eidos eidos |
|
| Vendors & Products |
Eidos
Eidos eidos |
Fri, 03 Oct 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 03 Oct 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (eidos:), causing the Eidos application to launch and process the URL, leading to remote code execution on the victim’s machine. This issue does not have a fix as of October 3, 2025 | |
| Title | Eidos: One-click Remote Code Execution through Custom URL Handling | |
| Weaknesses | CWE-94 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-10-03T20:45:49.500Z
Reserved: 2025-07-21T16:12:20.733Z
Link: CVE-2025-54374
Updated: 2025-10-03T20:24:46.298Z
Status : Analyzed
Published: 2025-10-03T20:15:33.180
Modified: 2025-10-24T19:03:30.450
Link: CVE-2025-54374
No data.
OpenCVE Enrichment
Updated: 2025-10-06T14:42:23Z
EUVD