Vulnerability Details CVE-2025-54871
Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.6%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/steveseguin/electroncapture/commit/3837f54e75911bb99fa45cfa138a5e401d16f531
- https://github.com/steveseguin/electroncapture/releases/tag/2.20.0
- https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
- https://github.com/steveseguin/electroncapture/security/advisories/GHSA-8849-p3j4-jq4h
Products affected by CVE-2025-54871
-
cpe:2.3:a:electroncapture:electron_capture:1.0.6
-
cpe:2.3:a:electroncapture:electron_capture:1.0.7
-
cpe:2.3:a:electroncapture:electron_capture:1.0.8
-
cpe:2.3:a:electroncapture:electron_capture:1.0.9
-
cpe:2.3:a:electroncapture:electron_capture:1.02
-
cpe:2.3:a:electroncapture:electron_capture:1.03
-
cpe:2.3:a:electroncapture:electron_capture:1.05
-
cpe:2.3:a:electroncapture:electron_capture:1.1.0
-
cpe:2.3:a:electroncapture:electron_capture:1.1.1
-
cpe:2.3:a:electroncapture:electron_capture:1.1.2
-
cpe:2.3:a:electroncapture:electron_capture:1.1.3
-
cpe:2.3:a:electroncapture:electron_capture:1.2.0
-
cpe:2.3:a:electroncapture:electron_capture:1.3.0
-
cpe:2.3:a:electroncapture:electron_capture:1.3.x
-
cpe:2.3:a:electroncapture:electron_capture:1.4.0
-
cpe:2.3:a:electroncapture:electron_capture:1.4.1
-
cpe:2.3:a:electroncapture:electron_capture:1.4.2
-
cpe:2.3:a:electroncapture:electron_capture:1.5.0
-
cpe:2.3:a:electroncapture:electron_capture:1.5.1
-
cpe:2.3:a:electroncapture:electron_capture:1.5.2
-
cpe:2.3:a:electroncapture:electron_capture:1.6.0
-
cpe:2.3:a:electroncapture:electron_capture:1.6.1
-
cpe:2.3:a:electroncapture:electron_capture:1.6.8
-
cpe:2.3:a:electroncapture:electron_capture:1.6.9
-
cpe:2.3:a:electroncapture:electron_capture:1.7.0
-
cpe:2.3:a:electroncapture:electron_capture:2.0.0
-
cpe:2.3:a:electroncapture:electron_capture:2.0.1
-
cpe:2.3:a:electroncapture:electron_capture:2.1.0
-
cpe:2.3:a:electroncapture:electron_capture:2.1.1
-
cpe:2.3:a:electroncapture:electron_capture:2.1.2
-
cpe:2.3:a:electroncapture:electron_capture:2.1.3
-
cpe:2.3:a:electroncapture:electron_capture:2.10.0
-
cpe:2.3:a:electroncapture:electron_capture:2.11.0
-
cpe:2.3:a:electroncapture:electron_capture:2.12.0
-
cpe:2.3:a:electroncapture:electron_capture:2.12.1
-
cpe:2.3:a:electroncapture:electron_capture:2.13.0
-
cpe:2.3:a:electroncapture:electron_capture:2.13.1
-
cpe:2.3:a:electroncapture:electron_capture:2.14.0
-
cpe:2.3:a:electroncapture:electron_capture:2.14.1
-
cpe:2.3:a:electroncapture:electron_capture:2.15.0
-
cpe:2.3:a:electroncapture:electron_capture:2.15.1
-
cpe:2.3:a:electroncapture:electron_capture:2.15.2
-
cpe:2.3:a:electroncapture:electron_capture:2.15.3
-
cpe:2.3:a:electroncapture:electron_capture:2.15.5
-
cpe:2.3:a:electroncapture:electron_capture:2.16.0
-
cpe:2.3:a:electroncapture:electron_capture:2.16.1
-
cpe:2.3:a:electroncapture:electron_capture:2.16.2
-
cpe:2.3:a:electroncapture:electron_capture:2.17.0
-
cpe:2.3:a:electroncapture:electron_capture:2.17.1
-
cpe:2.3:a:electroncapture:electron_capture:2.17.1.1
-
cpe:2.3:a:electroncapture:electron_capture:2.17.10
-
cpe:2.3:a:electroncapture:electron_capture:2.17.11
-
cpe:2.3:a:electroncapture:electron_capture:2.17.2
-
cpe:2.3:a:electroncapture:electron_capture:2.17.3
-
cpe:2.3:a:electroncapture:electron_capture:2.17.4
-
cpe:2.3:a:electroncapture:electron_capture:2.17.5
-
cpe:2.3:a:electroncapture:electron_capture:2.17.6
-
cpe:2.3:a:electroncapture:electron_capture:2.17.7
-
cpe:2.3:a:electroncapture:electron_capture:2.17.8
-
cpe:2.3:a:electroncapture:electron_capture:2.17.9
-
cpe:2.3:a:electroncapture:electron_capture:2.18.0
-
cpe:2.3:a:electroncapture:electron_capture:2.18.1
-
cpe:2.3:a:electroncapture:electron_capture:2.18.7
-
cpe:2.3:a:electroncapture:electron_capture:2.18.8
-
cpe:2.3:a:electroncapture:electron_capture:2.18.9
-
cpe:2.3:a:electroncapture:electron_capture:2.18.x
-
cpe:2.3:a:electroncapture:electron_capture:2.19.0
-
cpe:2.3:a:electroncapture:electron_capture:2.19.1
-
cpe:2.3:a:electroncapture:electron_capture:2.2.0
-
cpe:2.3:a:electroncapture:electron_capture:2.3.0
-
cpe:2.3:a:electroncapture:electron_capture:2.4.0
-
cpe:2.3:a:electroncapture:electron_capture:2.4.1
-
cpe:2.3:a:electroncapture:electron_capture:2.5.0
-
cpe:2.3:a:electroncapture:electron_capture:2.6.0
-
cpe:2.3:a:electroncapture:electron_capture:2.6.1
-
cpe:2.3:a:electroncapture:electron_capture:2.6.2
-
cpe:2.3:a:electroncapture:electron_capture:2.7.0
-
cpe:2.3:a:electroncapture:electron_capture:2.8.0
-
cpe:2.3:a:electroncapture:electron_capture:2.9.0