CVE-2025-51387
Published: 04 August 2025
Summary
CVE-2025-51387 is a critical-severity Code Injection (CWE-94) vulnerability in Axosoft GitKraken Desktop. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks in the top 29.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-51387, published on 2025-08-04, is a code injection vulnerability (CWE-94) affecting GitKraken Desktop versions 10.8.0 and 11.1.0. The issue stems from misconfigured Electron Fuses, specifically with RunAsNode enabled and EnableNodeCliInspectArguments not disabled. These settings allow the application to execute in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants arbitrary code execution on the affected system, resulting in high impacts to confidentiality, integrity, and availability.
Advisories and references, including the ElectronJS blog post on mitigations for RunAsNode-related CVEs (https://www.electronjs.org/blog/statement-run-as-node-cves#mitigation), a GitHub repository for electroniz3r (https://github.com/r3ggi/electroniz3r), and PacketStorm details (https://packetstorm.news/files/id/207677), provide further information on detection and mitigation strategies for these Electron fuse misconfigurations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23550
Vulnerability details
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Misconfigured Electron fuses enable direct arbitrary JavaScript execution (Node.js context) via command-line arguments, mapping to client-side exploitation for code execution.
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and correction of the flaw in GitKraken Desktop versions 10.8.0 and 11.1.0, preventing exploitation of the code injection vulnerability.
Enforces secure configuration settings for Electron Fuses by disabling RunAsNode and EnableNodeCliInspectArguments, directly mitigating the misconfiguration enabling Node.js mode code injection.
Limits GitKraken to least functionality by prohibiting unnecessary Node.js execution modes, reducing the attack surface for argument-based arbitrary code execution.