External Control of Assumed-Immutable Web Parameter in atom-shell

CVE-2025-10891

atom-shell
chromium
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

High

8.8/10

Summary

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References

Advisory
Release Note

Advisory Timeline

Published Sep 24, 2025

External Control of Assumed-Immutable Web Parameter in atom-shell

CVE-2025-10891

Summary

CWE-472 - External Control of Assumed-Immutable Web Parameter

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS