Cyber Resilience

CVE-2025-54792

Critical · Public PoC

Published: 01 August 2025

Modified: 03 September 2025
CVSS Score v4: 9.3
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0002 (6.5th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-54792 is a critical-severity Channel Accessible by Non-Endpoint (CWE-300) vulnerability in LocalSend. Its CVSS base score is 9.3 (Critical).

Operationally, it ranks at the 6.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: localsend
Product: localsend
Versions: ≤ 1.17.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-300

Ensures only authenticated endpoints can access the communication channel, blocking unauthorized non-endpoint access.

addresses: CWE-300

Physically restricts transmission channels so they cannot be accessed or tapped by non-endpoint actors within facilities.

addresses: CWE-345

Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.

addresses: CWE-300

Periodic TSCM surveys identify unauthorized access points or taps that make communication channels reachable by non-endpoint adversaries.

addresses: CWE-300

Explicitly isolates the communications path so it cannot be accessed or intercepted by non-endpoint entities during security functions.

addresses: CWE-345

Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.

addresses: CWE-300

Restrictions and channel controls reduce the chance that VoIP media or signaling streams remain accessible to non-participants.

addresses: CWE-345

Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.

References