CVE-2025-24888
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
A vulnerability was discovered in the SecureDrop Client, a desktop application used by journalists for secure communication with sources, prior to version 0.14.1. A maliciously crafted SecureDrop Server could exploit this issue to gain code execution on the SecureDrop Client's virtual machine (sd-app). Filenames obtained from HTTP headers were used to write encrypted replies to disk; before being moved to the Client's data storage directory, the files could be written to arbitrary locations, allowing an attacker to create an autostart file in /home/user/.config/autostart/ and achieve code execution. This vulnerability required prior compromise of the SecureDrop Server, and as of publication no known instances of exploitation had been reported. The issue was resolved in version 0.14.1.
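The root cause described above is a filename taken from an HTTP header and used in a filesystem path without being confined to the intended directory. The following is an added example, not code from the SecureDrop project, showing the kind of containment check that closes this class of bug: the header value is treated as untrusted, reduced to a single plain file name, and the resolved destination is verified to still sit directly inside the storage directory. The header format, the storage path and the sample names are constructed for the example.

```python
"""Containment check for untrusted filenames before writing to a storage directory.

Constructed example; not SecureDrop's own code. The storage directory and the
sample Content-Disposition headers below are assumptions made for illustration.
"""
import re
from pathlib import Path

# Extract the filename parameter from a Content-Disposition header (simplified:
# only the quoted form is handled here; real parsers must also handle filename*).
_FILENAME_PARAM = re.compile(r'filename="([^"]*)"')

# Conservative allow-list for the on-disk name: first character alphanumeric
# (so no hidden dotfiles, no "." or ".."), then a bounded run of safe characters.
# Path separators are excluded outright, so a header cannot smuggle directories.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def filename_from_content_disposition(header: str) -> str:
    """Return the raw, still-untrusted filename parameter from the header."""
    match = _FILENAME_PARAM.search(header)
    if not match:
        raise ValueError("Content-Disposition carries no quoted filename parameter")
    return match.group(1)


def safe_destination(storage_dir: str, untrusted_name: str) -> Path:
    """Return storage_dir/untrusted_name if that is a plain file directly inside storage_dir.

    Raises ValueError for anything that could escape the directory: separators,
    '..' components, absolute paths, empty names or hidden (dot-prefixed) names.
    """
    base = Path(storage_dir).resolve()
    if "/" in untrusted_name or "\\" in untrusted_name:
        raise ValueError("path separators are not allowed in a file name")
    if not _SAFE_NAME.fullmatch(untrusted_name):
        raise ValueError("file name contains disallowed characters or is empty/hidden")
    # Second, independent check: after resolving symlinks and '..', the parent of
    # the destination must be exactly the storage directory, not a descendant or
    # an ancestor of it.
    dest = (base / untrusted_name).resolve()
    if dest.parent != base:
        raise ValueError("resolved path escapes the storage directory")
    return dest


def is_contained(storage_dir: str, untrusted_name: str) -> bool:
    """Boolean form of safe_destination for callers that prefer no exceptions."""
    try:
        safe_destination(storage_dir, untrusted_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed headers: one benign, one attempting to reach an autostart directory.
    storage = "/tmp/sd-app-data"  # assumed storage directory for the demo
    samples = [
        'attachment; filename="reply-1.gpg"',
        'attachment; filename="../../.config/autostart/evil.desktop"',
    ]
    for header in samples:
        name = filename_from_content_disposition(header)
        verdict = "accepted" if is_contained(storage, name) else "rejected"
        print(f"{name!r}: {verdict}")
```

The two checks are deliberately redundant: the allow-list rejects malformed names before any path arithmetic happens, and the `resolve()` comparison catches anything the allow-list might have missed (for example a symlink already present under the storage directory). Writing the file first to a temporary location and only then moving it into the storage directory does not help if the temporary path itself is built from the header; the containment check has to run on every path the untrusted name touches.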
Affected Products
- SecureDrop Client