CVE-2025-67230

7.1 HIGH

📋 TL;DR

This vulnerability in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to bypass validation and invoke external protocol handlers via the Custom URL Scheme. This could enable arbitrary command execution or data exfiltration. Users of ToDesktop Builder v0.33.0 are affected.

💻 Affected Systems

Products:
  • ToDesktop Builder
Versions: v0.33.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Applications built with the vulnerable ToDesktop Builder version inherit this vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could execute arbitrary system commands, install malware, or exfiltrate sensitive data from the victim's system.

🟠 Likely Case

Attackers could launch malicious applications or scripts, potentially leading to further system compromise.

🟢 If Mitigated

With proper sandboxing and least-privilege execution, impact would be limited to the application's context.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires renderer-context access, which typically means the attacker already has some foothold in the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.34.0 or later

Vendor Advisory: https://www.todesktop.com/security/advisories/TDSA-2025-002

Restart Required: Yes

Instructions:

1. Update ToDesktop Builder to v0.34.0 or later.
2. Rebuild any applications created with the vulnerable version.
3. Distribute updated applications to end users.

🔧 Temporary Workarounds

Disable Custom URL Scheme (platforms: all)

Remove or disable the Custom URL Scheme feature in application configuration.

Application Sandboxing (platforms: all)

Run applications in restricted environments or sandboxes to limit protocol handler access.

🧯 If You Can't Patch

  • Isolate affected applications in network segments with limited external access.
  • Implement application allowlisting to prevent execution of unauthorized external handlers.

🔍 How to Verify

Check if Vulnerable:

Check whether the ToDesktop Builder version is 0.33.0, either in the application settings or via the 'todesktop --version' command.

Check Version:

todesktop --version

Verify Fix Applied:

Confirm version is 0.34.0 or later and verify Custom URL Scheme handler has proper permission validation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected protocol handler invocations from ToDesktop applications
  • External process launches from application context

Network Indicators:

  • Outbound connections to unexpected protocols or services initiated by application

SIEM Query:

process_name:"todesktop" AND (event_type:"process_creation" OR event_type:"network_connection")
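As an added example (not part of this advisory and not ToDesktop code), the SIEM query above written as a small detector and run over constructed telemetry; the JSON log schema and field names are assumptions, and the detector additionally flags command lines that hand a non-web URL scheme to the system opener, which is the "protocol handler invocation from application context" the log indicators describe.

```python
import json
import re

# Constructed sample telemetry (not real logs). Assumed schema: one JSON
# object per line with process_name, event_type and command_line fields.
SAMPLE_LOG = """
{"process_name": "todesktop", "event_type": "process_creation", "command_line": "xdg-open https://example.com/docs"}
{"process_name": "todesktop", "event_type": "process_creation", "command_line": "xdg-open custom-handler://run?arg=1"}
{"process_name": "todesktop", "event_type": "network_connection", "command_line": "", "dest": "203.0.113.10:443"}
{"process_name": "editor", "event_type": "process_creation", "command_line": "xdg-open tool://open"}
{"process_name": "todesktop", "event_type": "file_write", "command_line": ""}
"""

# Schemes a desktop app legitimately hands to the system opener; any other
# scheme in a spawned command line is treated as an external handler call.
WEB_SCHEMES = {"http", "https", "mailto"}
# "scheme:" followed by a non-space; the scheme needs 2+ characters so a
# Windows drive letter such as C:\ is not mistaken for a URL scheme.
SCHEME_RE = re.compile(r"(?<![\w.:/-])([a-zA-Z][a-zA-Z0-9+.-]+):(?=\S)")


def matches_siem_query(event):
    """Same predicate as the page's SIEM query."""
    return event.get("process_name") == "todesktop" and event.get(
        "event_type") in {"process_creation", "network_connection"}


def external_handler_schemes(command_line):
    """Return the non-web URL schemes found in a command line, sorted."""
    found = {m.group(1).lower() for m in SCHEME_RE.finditer(command_line)}
    return sorted(found - WEB_SCHEMES)


def analyse(log_text):
    """Yield one alert per matching event; escalate when a custom scheme is launched."""
    alerts = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if not matches_siem_query(event):
            continue
        schemes = external_handler_schemes(event.get("command_line", ""))
        alerts.append({
            "event_type": event["event_type"],
            "schemes": schemes,
            "severity": "high" if schemes else "info",
        })
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Tune WEB_SCHEMES to the schemes your own build legitimately opens; anything else spawned from the application context is worth a closer look.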
