CVE-2025-55305: Electron Missing V8 Snapshot Validator
The application defaults its main delegate constructor without registering a V8 context snapshot validator. If ASAR integrity measures rely on a clean JavaScript execution environment, failing to validate the initial V8 snapshot allows attackers with local write access to bypass those measures.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
C++β
C++βgreprules fetch cve-2025-55305-electron-missing-v8-snapshot-validator --engine opengrepDescription
The application defaults its main delegate constructor without registering a V8 context snapshot validator. If ASAR integrity measures rely on a clean JavaScript execution environment, failing to validate the initial V8 snapshot allows attackers with local write access to bypass those measures.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0