CVE-2025-54374
Published: 03 October 2025
Description
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Security Summary
CVE-2025-54374 is a one-click remote code execution vulnerability (CWE-94) affecting Eidos, an extensible framework for Personal Data Management. The flaw exists in versions 0.21.0 and below, specifically within the application's custom URL handler for the "eidos:" protocol. When triggered, the handler processes malicious payloads without sufficient validation, enabling arbitrary code execution on the victim's local machine. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility and potential for complete system compromise.
Attackers can exploit this vulnerability without privileges by embedding a specially crafted "eidos:" URL on any website they control or compromise. A victim simply needs to visit the site or click the link, prompting their browser to invoke the Eidos application's URL handler. This launches the app and executes the embedded payload, granting the attacker remote code execution on the victim's machine with full confidentiality, integrity, and availability impacts.
The primary advisory, published via GitHub Security Advisory GHSA-qhhm-56qp-xr2r, confirms no patch or fix is available as of October 3, 2025. Security practitioners should advise users to avoid clicking suspicious "eidos:" links, disable the custom URL handler if possible, or uninstall Eidos until a remediation is released. Monitoring for exploitation attempts targeting Eidos users remains critical in the interim.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution via exploitation of a client application (Eidos) triggered by a malicious "eidos:" URL link, directly mapping to Exploitation for Client Execution (T1203) and User Execution: Malicious Link (T1204.001).