CVE-2024-25545 – This vulnerability in Weave Desktop v7.78.10 al... (How to Fix)

Q: What is the severity of CVE-2024-25545?

CVE-2024-25545 has a CVSS score of 7.8 (HIGH). This vulnerability in Weave Desktop v7.78.10 allows a local attacker to execute arbitrary code by exploiting the nwjs framework component with a crafted script. It affects users running the vulnerable version of Weave Desktop on their local systems. The attacker needs local access to the target machine to exploit this flaw.

📋 TL;DR

This vulnerability in Weave Desktop v7.78.10 allows a local attacker to execute arbitrary code by exploiting the nwjs framework component with a crafted script. It affects users running the vulnerable version of Weave Desktop on their local systems. The attacker needs local access to the target machine to exploit this flaw.

💻 Affected Systems

Products:

Weave Desktop

Versions: v7.78.10

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of Weave Desktop v7.78.10 are vulnerable by default. The vulnerability resides in the nwjs framework component used by the application.

📦 What is this software?

Weave Desktop by Weave

View all CVEs affecting Weave Desktop →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the local machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation allowing attacker to execute code with the privileges of the Weave Desktop process, potentially accessing sensitive user data and system resources.

🟢

If Mitigated

Limited impact with proper application sandboxing and least privilege principles in place, containing the exploit to the application's context.

🌐 Internet-Facing: LOW - This is a local attack vector requiring physical or remote access to the target machine, not directly exploitable over the internet.

🏢 Internal Only: HIGH - Local attackers (including malicious insiders or compromised accounts) can exploit this to gain elevated privileges and potentially compromise the entire system.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit details are publicly available in the referenced GitHub gist. The attacker needs local access to execute the crafted script against the vulnerable nwjs component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest version > v7.78.10

Vendor Advisory: https://www.weavehelp.com/hc/en-us/articles/360060696152-Download-the-Weave-Desktop-App

Restart Required: Yes

Instructions:

1. Visit the Weave Desktop download page. 2. Download and install the latest version. 3. Restart the application. 4. Verify the version is updated to a patched release.

🔧 Temporary Workarounds

Disable or Remove Weave Desktop

all

Uninstall Weave Desktop if not essential to prevent exploitation.

sudo apt remove weave-desktop
brew uninstall weave-desktop
Use system uninstaller on Windows

Restrict Application Execution

all

Use application control policies to restrict Weave Desktop execution to trusted users only.

🧯 If You Can't Patch

Implement strict least privilege principles - run Weave Desktop with minimal necessary permissions
Isolate the application using sandboxing or containerization technologies

🔍 How to Verify

Check if Vulnerable:

Check if Weave Desktop version is exactly 7.78.10. Look for the application in installed programs or run 'weave --version' if available.

Check Version:

Check application settings or installed programs list. Command-line may vary by platform.

Verify Fix Applied:

Confirm the version is updated to a release after 7.78.10 by checking the application version in settings or running version check command.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from Weave Desktop
Suspicious script execution in nwjs context
Unexpected network connections from Weave processes

Network Indicators:

Anomalous outbound connections from Weave Desktop to unexpected destinations

SIEM Query:

Process Creation where Parent Process contains 'weave' AND (Command Line contains 'nwjs' OR Command Line contains suspicious script patterns)

📊 Metadata

CVE ID: CVE-2024-25545

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-358

Published: April 12, 2024

Last Updated: June 17, 2025

🔗 References

https://gist.github.com/khronokernel/b68709335aa097752423f5d6844c3aa3 Third Party Advisory
https://www.weavehelp.com/hc/en-us/articles/360060696152-Download-the-Weave-Desktop-App Product
https://gist.github.com/khronokernel/b68709335aa097752423f5d6844c3aa3 Third Party Advisory
https://www.weavehelp.com/hc/en-us/articles/360060696152-Download-the-Weave-Desktop-App Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25545, you might also want to check these: