CVE Details
Basic Information
| Title | Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS) |
|---|---|
| Type | cve |
| Published | 2025-08-05T00:03:09.902Z |
| Modified | 2025-08-05T00:03:09.902Z |
Product Information
| Vendor | steveseguin |
|---|---|
| Product | electroncapture |
| Version | < 2.20.0 |
CVSS Information
| Base Score | 5.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AI Analysis
| AI Description | A vulnerability in Electron Capture allows local users to bypass macOS TCC privacy protections, enabling arbitrary Node.js code execution with inherited TCC entitlements. This could grant access to sensitive files and directories. The issue is fixed in version 2.20.0. |
|---|---|
| AI Severity | High |
| AI Vendor | Steve Seguin |
| AI Product | Electron Capture |
| AI Version | 2.19.1 and below |
Affected Products
- steveseguin electroncapture < 2.20.0
Additional Information
| CWE List | CWE-284 |
|---|---|
| Source | GitHub_M |
Description
Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.