CVE-2020-25019

CVE Database · CVE-2020-25019

CVE-2020-25019

· HIGHModified

CVSS v3.1

7.5

EPSS

1.02%

Published

Aug 29, 2020

Modified

Nov 17, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-345

Affected Products (1)

jitsi · meet_electron (up to 2.3.0)vulnerable

References (8)

https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0

Release NotesThird Party Advisory

https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p

https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md

https://security.stackexchange.com/questions/225799

ExploitThird Party Advisory

https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14

Patch

KEV Catalog EPSS Scores Vendors All CVEs