Affine · Affine · CVE-2026-21853
**Name of the Vulnerable Software and Affected Versions**
AFFiNE versions prior to 0.25.4
**Description**
AFFiNE is an open-source workspace and operating system. Versions prior to 0.25.4 contain a one-click remote code execution issue. An attacker can exploit this by embedding a specially crafted `affine:` URL on a website. Exploitation occurs when a victim visits a malicious website that redirects to the URL, or clicks a crafted link on a legitimate website. This triggers the AFFiNE custom URL handler, launching the application and processing the URL, resulting in arbitrary code execution on the victim’s machine without further interaction.
**Recommendations**
Update to version 0.25.4 or later.
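
A triage check for the launch path described above, added here as an example and not taken from AFFiNE or from this advisory: it flags process-creation events in which a browser started an application through an `affine:` URL while the installed version is earlier than 0.25.4. The event field names, the browser list, the paths, the hosts and the sample events are assumptions constructed for illustration.

```python
import json
import re

FIXED = (0, 25, 4, 1)  # 0.25.4 release (from the advisory); last field 1 = not a pre-release
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}  # assumed parent names
SCHEME = re.compile(r"(?<![A-Za-z0-9+.-])affine:", re.IGNORECASE)
VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")

def parse_version(text):
    """'0.25.3' -> (0, 25, 3, 1); '0.25.4-beta.1' -> (0, 25, 4, 0); unparsable -> None."""
    m = VERSION.match(text or "")
    if not m:
        return None
    # A pre-release sorts before the release with the same numbers, so it is
    # treated conservatively as not yet containing the fix.
    return (int(m[1]), int(m[2]), int(m[3]), 0 if m[4] else 1)

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return re.split(r"[\\/]", path or "")[-1].lower()

def triage(lines):
    """Return (host, reason) for browser-initiated affine: launches that need review."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        if not SCHEME.search(ev.get("command_line", "")):
            continue  # application was not started through the URL handler
        if basename(ev.get("parent_image")) not in BROWSERS:
            continue  # handler was not invoked by a browser
        ver = parse_version(ev.get("file_version"))
        if ver is None:
            findings.append((ev["host"], "version unknown"))
        elif ver < FIXED:
            findings.append((ev["host"], "version before 0.25.4"))
    return findings

# Constructed sample events (JSON lines); every value below is hypothetical.
SAMPLE = [
    r'{"host": "ws-01", "parent_image": "C:\\Apps\\chrome.exe", "file_version": "0.25.1", "command_line": "\"C:\\Apps\\AFFiNE.exe\" \"affine://example\""}',
    r'{"host": "ws-02", "parent_image": "C:\\Apps\\msedge.exe", "file_version": "0.25.4", "command_line": "\"C:\\Apps\\AFFiNE.exe\" \"affine://example\""}',
    r'{"host": "ws-03", "parent_image": "C:\\Windows\\explorer.exe", "file_version": "0.25.1", "command_line": "\"C:\\Apps\\AFFiNE.exe\""}',
    r'{"host": "ws-04", "parent_image": "C:\\Apps\\firefox.exe", "file_version": "0.25.4-beta.1", "command_line": "\"C:\\Apps\\AFFiNE.exe\" \"AFFINE://example\""}',
    r'{"host": "ws-05", "parent_image": "C:\\Apps\\chrome.exe", "file_version": "", "command_line": "\"C:\\Apps\\AFFiNE.exe\" \"affine://example\""}',
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE):
        print(host, reason)
```

A hit is a lead for review rather than proof of exploitation, since legitimate `affine:` links opened from a browser produce the same event on unpatched hosts.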