CVE-2025-54792
Published: 01 August 2025
Summary
CVE-2025-54792 is a critical-severity Channel Accessible by Non-Endpoint (CWE-300) vulnerability in Localsend Localsend. Its CVSS base score is 9.3 (Critical).
Operationally, ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23410
Vulnerability details
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated…
more
attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures only authenticated endpoints can access the communication channel, blocking unauthorized non-endpoint access.
Physically restricts transmission channels so they cannot be accessed or tapped by non-endpoint actors within facilities.
Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.
Periodic TSCM surveys identify unauthorized access points or taps that make communication channels reachable by non-endpoint adversaries.
Explicitly isolates the communications path so it cannot be accessed or intercepted by non-endpoint entities during security functions.
Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.
Restrictions and channel controls reduce the chance that VoIP media or signaling streams remain accessible to non-participants.
Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.