CVE-2020-25019

7.5 HIGH
Published: August 29, 2020 Modified: November 17, 2025
View on NVD

Description

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
Source: cve@mitre.org
Patch Third Party Advisory
https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
Source: cve@mitre.org
Release Notes Third Party Advisory
https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p
Source: cve@mitre.org
https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md
Source: cve@mitre.org
https://security.stackexchange.com/questions/225799
Source: cve@mitre.org
Exploit Third Party Advisory
https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
https://security.stackexchange.com/questions/225799
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.1%
35th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-345

Affected Vendors

jitsi

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3