CVE-2025-67230

low-risk

Published 2026-01-23

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

NETWORK / HIGH complexity

Affected Products (1)

Builder

Affected Vendors

Todesktop

References (2)

Product https://www.todesktop.com/changelog

Vendor Advisory https://www.todesktop.com/security/advisories/TDSA-2025-002

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal