CVE-2024-21625
📋 TL;DR
CVE-2024-21625 is a remote code execution vulnerability in the SideQuest desktop application: a malicious deep link (sidequest://) can execute arbitrary code when clicked. Users of SideQuest desktop app versions before 0.10.35 are affected when they have a VR device connected and click a malicious link within the application.
💻 Affected Systems
- SideQuest desktop application
📦 What is this software?
SideQuest by SideQuestVR
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attacker to execute arbitrary code with user privileges, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Attacker gains code execution on user's system, potentially stealing VR credentials, personal data, or installing malware.
If Mitigated
No impact if patched version is used or if workarounds preventing deep link execution are implemented.
🎯 Exploit Status
One-click exploitation with no authentication required. Proof of concept exists in advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.10.35 and later
Vendor Advisory: https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7
Restart Required: Yes
Instructions:
1. Open SideQuest application
2. Check for updates in settings
3. Update to version 0.10.35 or later
4. Restart the application
🔧 Temporary Workarounds
Disable deep link protocol handler
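All platforms: remove or disable the sidequest:// protocol handler registration in the operating system
Windows: reg delete HKCU\Software\Classes\sidequest /f
macOS: defaults delete com.sidequest.SideQuest (this deletes the application's preferences domain; confirm afterwards that sidequest:// links no longer open the app)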
Linux: Remove sidequest.desktop file from ~/.local/share/applications/
Use web version only
All platforms: use the SideQuest web interface instead of the desktop application until patched
🧯 If You Can't Patch
- Disconnect VR devices when not in use to reduce attack surface
- Train users to avoid clicking unknown links within the application
🔍 How to Verify
Check if Vulnerable:
Check SideQuest version in application settings or About dialog. If version is below 0.10.35, system is vulnerable.
Check Version:
SideQuest: Check Help > About or Settings > About
Verify Fix Applied:
Verify version is 0.10.35 or higher in application settings. Test that sidequest:// links are properly sanitized.
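Added example (not from the advisory or the SideQuest project): a Python check for Linux hosts that compares an installed version against 0.10.35 numerically and lists the files that still register a sidequest:// handler, so the workaround above can be verified. It assumes the handler is registered under the XDG MIME type x-scheme-handler/sidequest; the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

SCHEME_MIME = "x-scheme-handler/sidequest"   # assumed XDG MIME type for sidequest://
FIXED = (0, 10, 35)                          # first patched release per this page

def is_vulnerable(version: str) -> bool:
    """Compare numerically: as plain strings, '0.10.4' sorts after '0.10.35'."""
    parts = tuple(int(p) for p in version.strip().lstrip("vV").split("."))
    return parts < FIXED

def find_handlers(app_dirs):
    """Return (file name, target) pairs that still route sidequest:// links."""
    hits = []
    for d in map(Path, app_dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.iterdir()):
            wanted = f.suffix == ".desktop" or f.name == "mimeapps.list"
            if not (wanted and f.is_file()):
                continue
            for line in f.read_text(errors="replace").splitlines():
                key, sep, value = line.strip().partition("=")
                if not sep or key.startswith("#"):
                    continue
                # .desktop entry: MimeType=a;b;x-scheme-handler/sidequest;
                if key.strip() == "MimeType" and SCHEME_MIME in value.split(";"):
                    hits.append((f.name, f.name))
                # mimeapps.list: x-scheme-handler/sidequest=some.desktop
                elif key.strip() == SCHEME_MIME:
                    hits.append((f.name, value.strip().rstrip(";")))
    return hits

def demo():
    """Run against a constructed applications directory (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "sidequest.desktop").write_text(
            "[Desktop Entry]\nName=SideQuest\nExec=sidequest %U\n"
            "MimeType=x-scheme-handler/sidequest;\n")
        (d / "mimeapps.list").write_text(
            "[Default Applications]\nx-scheme-handler/sidequest=sidequest.desktop\n")
        (d / "editor.desktop").write_text("[Desktop Entry]\nMimeType=text/plain;\n")
        before = find_handlers([d])
        (d / "sidequest.desktop").unlink()      # the Linux workaround from this page
        return before, find_handlers([d])

if __name__ == "__main__":
    print(is_vulnerable("0.10.4"), demo())
```

On a real host, pass ~/.local/share/applications, /usr/share/applications and ~/.config (where mimeapps.list usually lives) to find_handlers; an empty result means no sidequest:// registration was found in those directories.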
📡 Detection & Monitoring
Log Indicators:
- Unusual sidequest:// protocol handler invocations
- Process creation from SideQuest with suspicious command-line arguments
Network Indicators:
- Outbound connections from SideQuest to unexpected destinations
- DNS requests for malicious domains following sidequest:// link clicks
SIEM Query:
Process creation where parent_process contains 'SideQuest' and command_line contains suspicious patterns