CVE-2025-31477

Name of the Vulnerable Software and Affected Versions Tauri shell plugin versions prior to 2.2.1

Description The Tauri shell plugin exposes functionality to execute code and open programs on the system. Due to improper validation of allowed protocols, potentially dangerous protocols like file://, smb://, or nfs:// can be opened by the system registered protocol handler. This can be abused to gain remote code execution on the system by passing untrusted user input to the open endpoint. This requires either direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application.

Recommendations Update to version 2.2.1 to fix this issue. As a temporary workaround, consider restricting access to the open endpoint to minimize the risk of exploitation. Avoid passing untrusted user input to the open endpoint until the issue is resolved.