Cyber Posture

CVE-2025-51387

Severity: Critical (RCE)

Published: 04 August 2025
Modified: 09 October 2025
KEV Added: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0021 (42.4th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-51387 is a critical-severity Code Injection (CWE-94) vulnerability in Axosoft GitKraken Desktop. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The vulnerability is ranked at the 42.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and one other technique (T1203, Exploitation for Client Execution). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Requires timely identification, reporting, and correction of the flaw in GitKraken Desktop versions 10.8.0 and 11.1.0, preventing exploitation of the code injection vulnerability.

CM-6 Configuration Settings (prevent): Enforces secure configuration settings for Electron Fuses by disabling RunAsNode and EnableNodeCliInspectArguments, directly mitigating the misconfiguration that enables Node.js-mode code injection.

Least functionality (prevent): Limits GitKraken to least functionality by prohibiting unnecessary Node.js execution modes, reducing the attack surface for argument-based arbitrary code execution.

MITRE ATT&CK Enterprise Techniques

T1059.007 JavaScript (tactic: Execution)
Adversaries may abuse various implementations of JavaScript for execution.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

Misconfigured Electron fuses enable direct arbitrary JavaScript execution (Node.js context) via command-line arguments, mapping to client-side exploitation for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.

Deeper analysis

CVE-2025-51387, published on 2025-08-04, is a code injection vulnerability (CWE-94) affecting GitKraken Desktop versions 10.8.0 and 11.1.0. The issue stems from misconfigured Electron Fuses, specifically with RunAsNode enabled and EnableNodeCliInspectArguments not disabled. These settings allow the application to execute in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants arbitrary code execution on the affected system, resulting in high impacts to confidentiality, integrity, and availability.

Advisories and references, including the ElectronJS blog post on mitigations for RunAsNode-related CVEs (https://www.electronjs.org/blog/statement-run-as-node-cves#mitigation), a GitHub repository for electroniz3r (https://github.com/r3ggi/electroniz3r), and PacketStorm details (https://packetstorm.news/files/id/207677), provide further information on detection and mitigation strategies for these Electron fuse misconfigurations.
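A defender-side check for the two fuse settings this advisory turns on, as an added example that is not GitKraken's, Electron's, or this page's own code: it locates the fuse wire embedded in an Electron binary and reports whether RunAsNode and EnableNodeCliInspectArguments are still enabled. The wire layout (sentinel string, version byte, fuse-count byte, one ASCII state character per fuse) and the V1 slot order are assumed to match the @electron/fuses package; the sample image is constructed, not a real GitKraken binary.

```javascript
// Assumed wire layout (as implemented by @electron/fuses, not from this page):
// sentinel, version byte '1', fuse-count byte, then one state char per fuse
// ('1' enabled, '0' disabled, 'r' removed). Not part of GitKraken/Electron.
const SENTINEL = 'dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX';

// Fuse V1 slot order (array index = position in the wire).
const FUSE_V1 = [
  'RunAsNode', 'EnableCookieEncryption', 'EnableNodeOptionsEnvironmentVariable',
  'EnableNodeCliInspectArguments', 'EnableEmbeddedAsarIntegrityValidation',
  'OnlyLoadAppFromAsar', 'LoadBrowserProcessSpecificV8Snapshot',
  'GrantFileProtocolExtraPrivileges',
];

// Hardened state for the two fuses named in the advisory: both disabled.
const EXPECTED = { RunAsNode: '0', EnableNodeCliInspectArguments: '0' };

// Locate and decode the fuse wire in a binary image; null if absent or unknown.
function readFuseWire(buf) {
  const pos = buf.indexOf(SENTINEL, 0, 'latin1');
  if (pos < 0) return null;
  const base = pos + SENTINEL.length;
  const version = String.fromCharCode(buf[base]);
  const count = buf[base + 1];
  if (version !== '1' || base + 2 + count > buf.length) return null;
  const fuses = {};
  for (let i = 0; i < count; i++) {
    fuses[FUSE_V1[i] || `unknown_${i}`] = String.fromCharCode(buf[base + 2 + i]);
  }
  return { version, fuses };
}

// Compare decoded fuses against EXPECTED; each finding names the weak fuse.
function auditFuses(buf) {
  const wire = readFuseWire(buf);
  if (!wire) return { ok: false, findings: ['fuse wire not found or unsupported version'] };
  const findings = Object.entries(EXPECTED)
    .filter(([name, want]) => wire.fuses[name] !== want)
    .map(([name, want]) => `${name} is '${wire.fuses[name]}' (expected '${want}')`);
  return { ok: findings.length === 0, findings };
}

// Constructed sample image (not a real binary) in the vulnerable state:
// RunAsNode and EnableNodeCliInspectArguments both enabled.
const VULNERABLE_IMAGE = Buffer.concat([
  Buffer.from('padding-before-wire-', 'latin1'),
  Buffer.from(SENTINEL, 'latin1'),
  Buffer.from([0x31, 8]),            // version '1', eight fuses follow
  Buffer.from('11011000', 'latin1'), // one state character per fuse slot
]);
console.log(auditFuses(VULNERABLE_IMAGE)); // ok: false, two findings
```

Run it against a real application by replacing VULNERABLE_IMAGE with the bytes of the Electron executable (for example, the framework binary inside the app bundle); an `ok: true` result means both fuses are off.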

Details

CWE(s): CWE-94 (Code Injection)

Affected Products: axosoft / gitkraken desktop, versions 10.8.0 and 11.1.0

CVEs Like This One (shared CWE-94)

CVE-2025-65108
CVE-2026-25587
CVE-2026-42090
CVE-2026-24132
CVE-2026-34585
CVE-2026-34448
CVE-2026-0500
CVE-2026-21853
CVE-2026-22793
CVE-2026-34725

References