CVE-2025-24889

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Feb 13, 2025
CWE ID 22

Summary

CVE-2025-24889 is a vulnerability affecting the SecureDrop Client, a desktop application used by journalists on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker with code execution on the SecureDrop Workstation could exploit a path traversal bug in the `sd-log` virtual machine, resulting in arbitrary file writes and potentially code execution. The vulnerability required the attacker to already have code execution in another virtual machine and could not be exploited remotely. By manipulating the VM name used in a log file destination path, an attacker could overwrite or add files in arbitrary directories, including directories that software reads for configuration files. This could lead to code execution, as in the case of the XFCE autostart directory. Versions 0.14.1 and 1.0.1 include a patch that addresses this issue.
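The weakness class described above is a path component (here, a VM name supplied by the sending VM) spliced into a filesystem path without validation. The following is an added example, not SecureDrop's code: it contrasts the weak pattern with a hardened variant that allowlists the name and verifies containment in the log directory; the directory layout and the VM-name rule are assumptions for the example.

```python
import re
from pathlib import PurePosixPath

# Constructed scenario (not SecureDrop's code): a log-collecting VM writes each
# sender's log to BASE_DIR/<vm_name>/syslog.log, where <vm_name> comes from the
# sending VM and is therefore attacker-controlled. The directory layout and the
# name rule below are assumptions for this example.
BASE_DIR = PurePosixPath("/home/user/QubesIncomingLogs")

# Allowlist for VM names: leading alphanumeric, then letters, digits, '-' or '_'.
VM_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,30}")

class UnsafeVmName(ValueError):
    pass

def naive_log_path(vm_name: str) -> PurePosixPath:
    """The weak pattern: the name is spliced into the path unvalidated."""
    return PurePosixPath(f"{BASE_DIR}/{vm_name}/syslog.log")

def normalise(path: PurePosixPath) -> PurePosixPath:
    """Collapse '..' lexically (PurePath keeps '..' segments as-is)."""
    stack = []
    for part in path.parts:
        if part == "..":
            if len(stack) > 1:       # never pop the root '/'
                stack.pop()
        elif part != ".":
            stack.append(part)
    return PurePosixPath(*stack)

def escapes_base(path: PurePosixPath) -> bool:
    """True when the normalised path lands outside BASE_DIR."""
    return not normalise(path).is_relative_to(BASE_DIR)

def safe_log_path(vm_name: str) -> PurePosixPath:
    """Hardened version: allowlist the single path component, then verify
    containment as defence in depth before the path is ever opened."""
    if not VM_NAME_RE.fullmatch(vm_name):
        raise UnsafeVmName(f"rejected VM name: {vm_name!r}")
    candidate = BASE_DIR / vm_name / "syslog.log"
    if escapes_base(candidate):
        raise UnsafeVmName(f"path escapes log directory: {candidate}")
    return candidate
```

`escapes_base` can also serve as a detection check over paths recorded by an existing log sink, flagging any destination that resolved outside the expected directory.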

