CVE-2024-42366
CVSS 3.1 Score 9.0 of 10 (high)
Details
Summary
CVE-2024-42366 is a vulnerability affecting the VRCX assistant application for VRChat. In impacted versions before 2023.12.24, a CefSharp browser with excessive permissions and cross-site scripting vulnerability via overlay notifications could collectively lead to remote command execution. This issue has been addressed in VRCX version 2024.03.23 with the implementation of a patch. Additionally, VRCX maintainers collaborated with VRC to restrict the usage of older VRCX versions on their API, compelling users to upgrade their installations for continued access to the service.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.