External Control of Assumed-Immutable Web Parameter in atom-shell

CVE-2025-6191

atom-shell
chromium
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

High

8.8/10

Summary

Integer Overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page. (Chromium security severity: High)

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References

Release Note
Advisory

Advisory Timeline

Published Jun 18, 2025

External Control of Assumed-Immutable Web Parameter in atom-shell

CVE-2025-6191

Summary

CWE-472 - External Control of Assumed-Immutable Web Parameter

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS