CVE-2025-54871

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
electroncaptureelectron_capture
𝑥
< 2.20.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531
https://github.com/steveseguin/electroncapture/releases/tag/2.20.0
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h